Re: Outgoing mail scanning

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Jim Maul writes:
> EB wrote:
> > We had secured the formmail.pl with the anti-spam version, and we had
> > searched all httpd logs while the spamming occured, but there wasn't
> > any suspicious call to cgi scripts.  We think it could be something
> > harder to check, which is PHP.
> 
> Could you perhaps grep the apache log and count each time a php script 
> was called and see which ones were called the most in a certain time 
> period?  It might give you a list of scripts to start checking.

I'd suspect either "gallery" or PHPNuke.  The latter in particular is
getting exploited widely to relay spam.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFB/9v1MJF5cimLx9ARAvCdAJ482P6XOoNlMzHNWw/gTrSwRt1uhgCglNrv
btZ7LKyLcycMxQRQsp3jLxc=
=U+5K
-----END PGP SIGNATURE-----