-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jim Maul writes: > EB wrote: > > We had secured the formmail.pl with the anti-spam version, and we had > > searched all httpd logs while the spamming occured, but there wasn't > > any suspicious call to cgi scripts. We think it could be something > > harder to check, which is PHP. > > Could you perhaps grep the apache log and count each time a php script > was called and see which ones were called the most in a certain time > period? It might give you a list of scripts to start checking. I'd suspect either "gallery" or PHPNuke. The latter in particular is getting exploited widely to relay spam. - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFB/9v1MJF5cimLx9ARAvCdAJ482P6XOoNlMzHNWw/gTrSwRt1uhgCglNrv btZ7LKyLcycMxQRQsp3jLxc= =U+5K -----END PGP SIGNATURE-----
