Well you could do just that but after you turn it back on. Set up a
fresh error log based on the reset of the mail server. You then have
some kind of script monitoring the in and out of your server.
Disconnecting the mail server momentarily and maybe a pass reset for
your users would stunt the hacker for a second, but would help you set
up a line of defense before they found a way back in. I am not a sysad
myself, but that seems like a logical way about it. If you let your
users know ahead of time that this server and pass reset is to save
their server from attack, most will oblige. Also let them know to not
use the same password. There may be a better solution though that I
don't know of. I'll let the gurus interject. :)
Hth
Karl
Sent from losPhone
On Jun 7, 2010, at 4:34 PM, Brian Dunning <brian@xxxxxxxxxxxxxxxx>
wrote:
I think I must have misstated the problem. Thanks to everyone for
the replies, but the question is not how to fix it, it's how to find
the script being attacked. Many different admins manage many
different sites on this server, and I can't even begin to guess how
many mail forms are on there from different programmers.
I'm currently downloading the logs as Peter suggested, and will take
a look. I'm not much of a sysad and I just thought maybe someone
might know a way to sniff outgoing email or something, I really
don't know how to attack this. Fixing the scripts is a long term
solution, obviously, but I need a short term fix other than killing
email on the apache account.
Might be more of a Linux question than a PHP question.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
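
One way to approach the question raised in this thread (which script on a shared server is being abused to send mail), as an added example that is not part of the original messages: rank scripts by POST volume in the web server's access log. It assumes Apache's common/combined log format and that the abuse arrives as POST requests to a form handler; the function name, log lines, paths and addresses are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined access-log line: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def rank_post_targets(lines, min_hits=3):
    """Return [(script_path, post_count, distinct_clients)], busiest first.

    Scripts receiving fewer than min_hits POSTs are dropped so that ordinary
    low-volume forms do not hide the one being hammered.
    """
    hits = Counter()
    clients = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue  # skip unparseable lines and non-POST traffic
        path = m.group("path").split("?", 1)[0]  # group by script, ignore query string
        hits[path] += 1
        clients[path].add(m.group("ip"))
    return [(p, n, len(clients[p])) for p, n in hits.most_common() if n >= min_hits]

# Constructed sample log (documentation-range addresses, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Jun/2010:16:01:0%d -0700] '
    '"POST /siteA/contact.php HTTP/1.1" 200 512 "-" "-"' % i
    for i in range(4)
] + [
    '198.51.100.7 - - [07/Jun/2010:16:01:09 -0700] '
    '"POST /siteA/contact.php?ref=1 HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [07/Jun/2010:16:02:00 -0700] '
    '"POST /siteB/login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.11 - - [07/Jun/2010:16:02:05 -0700] '
    '"GET /siteA/contact.php HTTP/1.1" 200 2048 "-" "-"',
    'this line is not in access-log format',
]

if __name__ == "__main__":
    for path, count, n_clients in rank_post_targets(SAMPLE_LOG):
        print(f"{count:6d} POSTs from {n_clients} client(s): {path}")
```

Comparing the timestamps of the top-ranked script's requests with the mail server's log for the same period shows whether that script is the one generating the outgoing mail.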