Linux Advocate wrote:
/etc/.pwd.lock /usr/share/man/man1/..1.gz /dev/.udev
Please inspect: /usr/share/man/man1/..1.gz (gzip compressed data, from Unix,
max compression) /dev/.udev (directory)
actually, I just checked on another system, those files appear to be normal
google for horde exploits, and you will see there are some that look very much like those apache log entries you saw.