Apache - php - email hack

tnats@
One of my customers is somehow being hacked but we can't figure it out. Somehow someone is injecting 1000s of emails into qmail.

In the Apache error log, I keep seeing this but it doesn't provide an IP address:
sh: /uname: No such file or directory
sh: /echo: No such file or directory
sh: /id: No such file or directory
sh: /cd: No such file or directory
sh: /cd: No such file or directory

More fun stuff:
qmail-inject: fatal: unable to parse this line:
bcc: [email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],[email protected],[email protected],^M
[email protected],mbeaud44@avalue="likelihood inurl:
sh: /uname: No such file or directory
sh: /id: No such file or directory
sh: /echo: No such file or directory
[Sun Feb 18 10:58:03 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Sun Feb 18 13:42:44 2007] [error] [client 71.212.177.30] File does not exist: /usr/share/psa-horde/favicon.ico
sh: /uname: No such file or directory
sh: /echo: No such file or directory
sh: /id: No such file or directory
sh: /cd: No such file or directory


The 71. IP address is a legit customer.

Can anyone help me here?

Thanks,
Tom
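
One way to narrow down when the unattributed `sh:` and `qmail-inject` lines were written, as an added example that is not part of the original post: it brackets each run of lines that lack a timestamp between the nearest timestamped error-log entries, giving a time window to look up in the access log. The sample log is constructed from lines quoted above, and the function and variable names are hypothetical.

```python
import re
from datetime import datetime

# Apache error-log timestamp prefix, e.g. [Sun Feb 18 10:58:03 2007]
TS_RE = re.compile(r"^\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\]")
# Unprefixed lines of the two kinds quoted in the post
SH_RE = re.compile(r"^sh: (\S+): No such file or directory")
QMAIL_RE = re.compile(r"^qmail-inject: fatal:")

# Constructed sample, assembled from lines quoted in the post
SAMPLE = """\
[Sun Feb 18 10:58:03 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
sh: /uname: No such file or directory
sh: /id: No such file or directory
qmail-inject: fatal: unable to parse this line:
[Sun Feb 18 13:42:44 2007] [error] [client 71.212.177.30] File does not exist: /usr/share/psa-horde/favicon.ico
sh: /uname: No such file or directory
sh: /echo: No such file or directory
sh: /cd: No such file or directory
"""

def stderr_windows(lines):
    """Group unprefixed lines into runs; record the timestamps on either side."""
    windows, current, last_ts = [], None, None
    for line in lines:
        m = TS_RE.match(line)
        if m:
            last_ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            if current:
                current["before"] = last_ts   # run ended at this entry
                windows.append(current)
                current = None
            continue
        sh, qm = SH_RE.match(line), QMAIL_RE.match(line)
        if not (sh or qm):
            continue                          # e.g. continuation of a bcc: header
        if current is None:
            current = {"after": last_ts, "before": None, "commands": [], "qmail_errors": 0}
        if sh:
            current["commands"].append(sh.group(1))
        else:
            current["qmail_errors"] += 1
    if current:
        windows.append(current)               # run still open at end of log
    return windows

if __name__ == "__main__":
    for w in stderr_windows(SAMPLE.splitlines()):
        print(w["after"], "->", w["before"] or "end of log", w["commands"], w["qmail_errors"])
```

Each window's `after` and `before` values bound the access-log entries worth reviewing for that run of lines.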
 