On compromised servers it is very common for the exploit to delete its self/logs to hide its presence. Even though the executable may be removed from the filesystem as the process is forked from apache2 the parent process will still … Continue reading →