[users@httpd] apache hacked to send spam!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello List, 

I have been trying to isolate attacks on my server where someone is
using apache to send spam from my host. I have been hit quite a bit in
the past 2 days. Some of my websites have web forms, but I'm pretty sure
that they are tight. 

This is a new
line item in my daily Logwatch in the sendmail area that just started to
appear with the spam attacks:

<snip>
Authentication warnings:
    apache set sender to info@xxxxxxxxx using -f: 7 Times(s)
</snip>
(info@xxxxxxxxx is a real user on my host.)

Does anybody know what this means?
Where should I start to find the problem?

I am using Redhat9
Apache/2.0.40
php-4.2.2-17.2
sendmail-8.12.8-9.90
sendmail-cf-8.12.8-9.90
mailscanner-4.23-11
mailscanner-mrtg-0.05-3
clamav-0.88
Interchange 5.4

Thanks!
Rick

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux