Hi, My server is sending fishing mails that relate to a website that I host that is hacked. I removed the contens of the /web directory of that website but the spamming still goes on. To seen where it was comming from I used this website to check if it was PHP/form related: http://www.howtoforge.com/how-to-log-emails-sent-with-phps-mail-function-to-detect-form-spam Although the script works fine, nothing shows up in the log file other than my own test results or the occasional user that uses a form. Because my mail.log shows that user [email protected] is sending the mail I try'd to block his emails with the help of this site: http://www.postfix.org/SMTPD_ACCESS_README.html This how ever did not help and the spamming still goes on. Deleting the user www-data is not an option of course as it is the apache user. If anybody has any idea how to stop this spamming I would be verry thankfull
Are you sure that you deleted the contents of the right web site? Did you run chkrootkit and/or rkhunter? Mabe some kind of backdoor got installed on your server.
resolved No, I'm sure I removed the correct website. What I stil saw in the logging were the messages that could not be deliverd. About 700 of them were still resending them selves every 20 minutes or so. After I cleaned my whole mail que the problem was resolved. More importantly how is it possible to stop any user(including www-data) to send such a large amount of emails. Is there an easy way to set the timmit to 2000 or so? There were send some 70.000 mails of my server in one day. If I could set a limmit it would at least be less harmfull. I found something on the postfix website but I'm no expert on that part. If you have any tips it would be much appreciated.
