• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Php script on vhosts

D

DeltaFox2211

New Pleskian
Hello everyone,

Last night i found out that someone manipulated one of my domains.
They are now sending through a php script spam mails.

I tried the following things.
1.) I installed a sendmail-wrapper but that wasn't working don't know why, did everything what was in the plesk FAQ
2.) I was searching for the script in every directory

So now here comes the suspicious part.

I got mails from the mailer daemon and he said the UID and name of the script were 10003 and the script has the name utf.php
So i did the following.
I searched in passwd for the UID number 10003
And i discovered that there is no user with the UID 10003
Ok then i did the following i searched on the whole server with the command find -iname 'utf.php' but nothing returned.

So my question is how do i find the script and why is the mailer-daemon sending me this stuff and why is there no user with the id 10003 but the mailer-daemon says there is one.?


Hope someone can help me because i am now at the end of my possibilities..

My specs:.
Plesk 11.0
Ubuntu Server 10.04 LTS
Qmail
 
You must log in or register to reply here.

Similar threads

enerspace
Question Bounce emails end up in spam – DMARC triggered on local deliveries?
Replies
0
Views
714
enerspace
enerspace
J
Question clobbered PHP-CLI after apt upgrade
Replies
9
Views
3K
James Heinrich
J
P
Resolved Disable output buffering
Replies
4
Views
1K
Patashoow
P
C
Question Monitoring a Plesk Server (services, domains, etc.) with Zabbix
Replies
2
Views
1K
Faris Raouf
F
Roberto Randall
Question Error executing JScript
Replies
3
Views
2K
Roberto Randall
Roberto Randall
Back
Top