I've noticed one of my server is sending mass spam.
The messages are like the one below (sending from:
[email protected]). I've deleted USER_ACCOUNT but I'd like to know how can I identify the script (probably
a hacked PHP script) that sends the mass mail considering this server hosts numerous websites.
I0/83/968855
Mreturntosender: cannot select queue for postmaster: Broken pipe
Fbn
$_Unknown UID 1008@localhost
${daemon_flags}c u
SUSER_ACCOUNT
[email protected]
H?P?Return-Path: <?g>
H??Received: (from Unknown UID 1008@localhost)
by benedictus.MYDOMAIN.COM (8.14.3/8.14.3/Submit) id q5H8Bx9A066412;
Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
(envelope-from USER_ACCOUNT)
H?D?Date: Sun, 17 Jun 2012 11:11:59 +0300 (EEST)
H?M?Message-Id: <
[email protected]>
H??From: Tiffany June <
[email protected]>
H??To: "Fernando" <
[email protected]>
H??Subject: Tiffany June ADDED YOU to her Private Wish List
H??MIME-Version: 1.0
H??Content-Type: multipart/related;
boundary="=_8b944d33596415b2dd4371ef94e08aee