Re: [exim] Hijacked "www" user for sending out spam

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Hijacked "www" user for sending out spam
list1 <list1@???> (So 19 Mär 2006 02:21:00 CET):
> Hello,
>
> It seems like somebody has hijacked "www" user for sending out spam like
> there is no tomorrow. You can see a small section of my exim log below or a


Once we had some PHP-page just using the simple mail() function from the
PHP library (?). It was quite easy to abuse this function (and it was
abused.) So you should look out for accesses to such pages. I found it
comparing timestamps in log entries.


    Best regards from Dresden
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -