It seems like I was hacked last night by someone and need help.
Originally Posted by Manko10
Actually most strange entries I found seem to be caused by misconfiguration like this:
Code:
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /waloshi /index.html denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /waloshi /index.cgi denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /waloshi /index.pl denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /waloshi /index.php denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /waloshi /index.xhtml denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /waloshi /index.htm denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /forums /index.html denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /forums /index.cgi denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /forums /index.pl denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /forums /index.php denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /forums /index.xhtml denied
[Tue Aug 24 19:16:30 2010] [error] [client xxx.xxx.xxx.xxx] (13)Permission denied: access to /forums /index.htm denied
Which looks like you have configured several index files but the user doesn't have the right to see any of them.
The other thing you should do is to create a favicon.ico to prevent Apache from polluting your error.log with needless stuff.
But you didn't answer my question: did you restart your Apache several times?
That's actually strange. And there's no one else who could have restarted Apache on August 25th and August 29th?
Then you should definitely check for some bad processes. When these are able to restart your Apache then they have to run with root privileges which means your server would be completely lost because root can also install Kernel level rootkits.
But then you should check all your files for malicious code.
I also wonder where the newest log is. The last entry is from August 29th. That's six days ago.
[EDIT]
Oh, actually an explanation for the strange reboots could be your log rotation daemon which restarts the server gracefully to make Apache use another log file.
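Added example, not part of the original post: a small triage script for the two checks discussed above. It collapses the per-request DirectoryIndex "Permission denied" fan-out into one entry per directory, and it separates graceful restarts (the kind the post attributes to log rotation) from full restarts and stops. The sample log is constructed, and the restart message strings are assumed to be Apache 2.2's default notice text.

```python
import re
from collections import defaultdict

# Constructed sample in Apache 2.2 error.log format (not the poster's log).
SAMPLE = """\
[Tue Aug 24 19:16:30 2010] [error] [client 192.0.2.10] (13)Permission denied: access to /forums/index.html denied
[Tue Aug 24 19:16:30 2010] [error] [client 192.0.2.10] (13)Permission denied: access to /forums/index.php denied
[Tue Aug 24 19:16:30 2010] [error] [client 192.0.2.10] (13)Permission denied: access to /forums/index.cgi denied
[Wed Aug 25 06:25:02 2010] [notice] Graceful restart requested, doing restart
[Wed Aug 25 06:25:03 2010] [notice] Apache/2.2.14 (Ubuntu) configured -- resuming normal operations
[Sun Aug 29 14:02:11 2010] [notice] caught SIGTERM, shutting down
[Sun Aug 29 14:02:15 2010] [notice] Apache/2.2.14 (Ubuntu) configured -- resuming normal operations
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<rest>.*)$")
DENIED = re.compile(
    r"\[client (?P<ip>[^\]]+)\] \(13\)Permission denied: access to (?P<path>.+?) denied$"
)
# Assumption: default Apache 2.2 notice wording for each signal.
RESTARTS = {
    "Graceful restart requested": "graceful",  # SIGUSR1, e.g. a reload after log rotation
    "SIGHUP received": "restart",              # full restart
    "caught SIGTERM": "stop",                  # server was stopped outright
}

def triage(text):
    """Return (fanout, restarts) for an error.log given as one string."""
    fanout = defaultdict(set)  # (timestamp, client, directory) -> index files tried
    restarts = []              # (timestamp, kind) in log order
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        d = DENIED.search(m["rest"])
        if d:
            directory, _, name = d["path"].rpartition("/")
            fanout[(m["ts"], d["ip"], directory.strip() or "/")].add(name)
            continue
        for marker, kind in RESTARTS.items():
            if marker in m["rest"]:
                restarts.append((m["ts"], kind))
    return dict(fanout), restarts

if __name__ == "__main__":
    fanout, restarts = triage(SAMPLE)
    for (ts, ip, directory), names in fanout.items():
        print(f"{ts} {ip} {directory}: {len(names)} index files denied in one request")
    for ts, kind in restarts:
        print(f"{ts} {kind}")
```

Graceful entries that line up with the log rotation schedule are expected; a `stop` or `restart` at an odd time with no matching admin action is the one to investigate.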