We had secured the formmail.pl with the anti-spam version, and we had searched all httpd logs while the spamming occured, but there wasn't any suspicious call to cgi scripts. We think it could be something harder to check, which is PHP.
On Tue, 1 Feb 2005 10:37:26 -0400, Michael 'Moose' Dinn <[EMAIL PROTECTED]> wrote: > > > users in the "Cc" part that we are still trying to track them down. > > The mail header looks as it was sent from our local 127.0.0.1 from > > [EMAIL PROTECTED] user, so we can't block user or ip address. > > They're using formmail or something similar on your web server. > >
