On Mon, 2010-06-07 at 14:34 -0700, Brian Dunning wrote: > I think I must have misstated the problem. Thanks to everyone for the replies, but the question is not how to fix it, it's how to find the script being attacked. Many different admins manage many different sites on this server, and I can't even begin to guess how many mail forms are on there from different programmers. > > I'm currently downloading the logs as Peter suggested, and will take a look. I'm not much of a sysad and I just thought maybe someone might know a way to sniff outgoing email or something, I really don't know how to attack this. Fixing the scripts is a long term solution, obviously, but I need a short term fix other than killing email on the apache account. > > Might be more of a Linux question than a PHP question. > > See if you can find all calls to a mail function in PHP. The easiest way to use a form to send spam is to enter your own headers, for example, in one of the fields. For instance, if a form has a to field, just enter a string like this: "test@xxxxxxxx\nbcc:spam@xxxxxxxx" which will then send email to the spam address as a bcc recipient. Thanks, Ash http://www.ashleysheridan.co.uk
