the directory is user:group apache:apache... so check your apache logs.... go over your apache logs with a fine toothed comb. specifically look for: file timestamps that match files in the directory(May 25 13:56). POST requests, this will usually very quickly show you the requests and the web app hole. after finding the hole/IP, search your apache logs for all requests from that IP address.
once things have slowed down, be a good netizan and contact yahoo.com abuse to let them know about the collection email account.
ps: take a deep breath, it's not the end of the world.
Linux Advocate wrote:
[root@fwgw unix]# ls -al total 4352 drwxr-xr-x 2 apache apache 360 Jun 3 23:47 . drwxrwxrwt 3 root root 60 Jun 3 00:24 .. -rwxr-xr-x 1 apache apache 0 May 19 06:02 124.164.find.22 -rwxr-xr-x 1 apache apache 0 Mar 24 22:28 129.135.find.22 -rwxr-xr-x 1 apache apache 0 Mar 24 22:25 129.find.22 -rwxr-xr-x 1 apache apache 0 May 25 13:54 21.168.find.22 -rwxr-xr-x 1 apache apache 12687 May 25 06:16 60.191.find.22 -rw-r--r-- 1 apache apache 0 Jun 3 23:45 83.182.find.22 -rwxr-xr-x 1 apache apache 4631 Apr 21 17:50 84.2.find.22 -rwxr-xr-x 1 apache apache 0 May 25 06:17 89.38.find.22 -rwxr-xr-x 1 apache apache 2362 May 19 15:28 91.204.find.22 -rwxr-xr-x 1 apache apache 216 May 18 2005 auto -rwxr-xr-x 1 apache apache 4374933 May 15 19:41 data.conf -rwxr-xr-x 1 apache apache 15729 Oct 14 2005 find -rw-r--r-- 1 apache apache 5262 Jun 3 23:45 log -rwxr-xr-x 1 apache apache 751 May 25 06:33 unix -rw-r--r-- 1 apache apache 0 Jun 3 23:04 vuln.txt -rwxr-xr-x 1 apache apache 671 May 25 13:56 x