locating origin of spammer

Joseph Koening (jWeb) joe at jwebmedia.com
Sun Sep 26 07:54:35 PDT 2004

Right after I posted this I did locate an old version of formmail.pl and
disabled it until the customer can replace it with a more secure version.

> I got up this morning and discovered that someone sent some spam through
> one of my servers. The messages were sent from the 'www' user on
> localhost, which is leading me to think somewhere someone has an insecure
> php or perl script that is allowing someone to designate the recipient,
> the subject, body, etc. I know the machine is not open-relay (I tested it
> to double check) and I checked to make sure no one had actually logged in.
> I grepped all of apache's log files looking for sites that received hits
> about the same time the mail started going out. What else can I do to find
> how the mail is being sent? Thanks,
> Joe
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list