Date: Sun, 26 Sep 2004 09:41:20 -0500 (CDT) From: "Joseph Koening (jWeb)" <joe@jwebmedia.com> To: freebsd-questions@freebsd.org Subject: locating origin of spammer Message-ID: <52356.69.29.89.98.1096209680.squirrel@69.29.89.98>
next in thread | raw e-mail | index | archive | help
I got up this morning and discovered that someone sent some spam through one of my servers. The messages were sent from the 'www' user on localhost, which is leading me to think somewhere someone has an insecure php or perl script that is allowing someone to designate the recipient, the subject, body, etc. I know the machine is not open-relay (I tested it to double check) and I checked to make sure no one had actually logged in. I grepped all of apache's log files looking for sites that received hits about the same time the mail started going out. What else can I do to find how the mail is being sent? Thanks, Joe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52356.69.29.89.98.1096209680.squirrel>