Am 08.10.2013 07:44, schrieb Stan Hoeppner: >> I've removed the script, I stopped ftp (it seems it was ftp'd) >> >> at the time I've posted, I was on a 4" mobile, and, I was looking for a >> stop gap measure to 'stop further damage' from that point > > Understood. For a more permanent solution to this script problem, you > may want to consider locking down or disabling the pickup service, and > configuring all web applications and MUAs to use the submission service > with auth. This will prevent such scripts from being able to send mail > in the event some crafty soul is able to get one uploaded via something > other than FTP.
disable_functions = mail http://code.google.com/a/apache-extras.org/p/phpmailer/downloads/list i never allowed any webserver in the past 10 years to use the sendmail binary for a lot of reasons like header injections and so on
