It's Apache. I'm guessing your web server runs as "apache" so that's why it's sending email as "apache." It doesn't mean Apache is compromised, but it may mean you have a publicly writable directory that has a script. The best thing for you to do is look at the email header and see what script generated the email. It may tell you. osCommerce, Wordpress, Drupal, etc. all have built in email scripts that sometimes get hijacked. Or, someone can upload a file if you have a world writable directory that also executes scripts.
You may want to configure all directories that are writeable so folks can upload files as no-exec directories in your Apache config.
Jason A. Nunnelley +1 2562971652 http://www.google.com/profiles/imjasonn [Member Tekany, LLC] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|