Hello List,
I have been trying to isolate attacks on my server where someone is
using apache to send spam from my host. I have been hit quite a bit in
the past 2 days. Some of my websites have web forms, but I'm pretty sure
that they are tight.
This is a new
line item in my daily Logwatch in the sendmail area that just started to
appear with the spam attacks:
<snip>
Authentication warnings:
apache set sender to info@xxxxxxxxx using -f: 7 Times(s)
</snip>
(info@xxxxxxxxx is a real user on my host.)
Does anybody know what this means?
Where should I start to find the problem?
I am using Redhat9
Apache/2.0.40
php-4.2.2-17.2
sendmail-8.12.8-9.90
sendmail-cf-8.12.8-9.90
mailscanner-4.23-11
mailscanner-mrtg-0.05-3
clamav-0.88
Interchange 5.4
Thanks!
Rick
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|