Date: Sun, 26 Sep 2004 09:54:32 -0500 (CDT) From: "Joseph Koening (jWeb)" <joe@jwebmedia.com> To: joe@jwebmedia.com Cc: freebsd-questions@freebsd.org Subject: Re: locating origin of spammer Message-ID: <52452.69.29.89.98.1096210472.squirrel@69.29.89.98> In-Reply-To: <52356.69.29.89.98.1096209680.squirrel@69.29.89.98> References: <52356.69.29.89.98.1096209680.squirrel@69.29.89.98>
next in thread | previous in thread | raw e-mail | index | archive | help
Right after I posted this I did locate an old version of formmail.pl and disabled it until the customer can replace it with a more secure version. Thanks. > I got up this morning and discovered that someone sent some spam through > one of my servers. The messages were sent from the 'www' user on > localhost, which is leading me to think somewhere someone has an insecure > php or perl script that is allowing someone to designate the recipient, > the subject, body, etc. I know the machine is not open-relay (I tested it > to double check) and I checked to make sure no one had actually logged in. > I grepped all of apache's log files looking for sites that received hits > about the same time the mail started going out. What else can I do to find > how the mail is being sent? Thanks, > > Joe > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52452.69.29.89.98.1096210472.squirrel>