Re: apache: what site is sending email from www-data
I suggest you first have a look in your web server logs; they will show
you all the queries that were issued to send those spams. Second, you
can have a look at http://www.php.net/mail, where you will find a very
useful script in the user comments that helps keep the mail()
function a bit more secure, and send alerts whenever a suspicious
field was in.
I hope that helps,
I've had this sort of thing happen a few times, and I'm wondering if
anyone knows any way to figure it out, or prevent it:
You have, say, 50 websites running on your webserver (mostly PHP, some
cgi). You start to notice your webserver is sending out a HUGE amount of
email (which is spam). Looking at any of the messages in the mail
queue, you notice all the messages are coming from
firstname.lastname@example.org, so I know they are coming from apache, but
what site is it coming from!?!
I've been curious about running PHP under fastcgi w/apache2 with
FastCGIsuEXEC enabled for each site. From what I understand, doing
this would make the example I gave before send out mail from
(UID-SET)@host.mydomain.tld (rather than www-data) which would do
exactly as I'd want.
What's your experience with this sort of thing? Any suggestions?
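
The log check suggested in the reply above, as an added example that is not part of the original posts: it scores each (vhost, script) pair by how many POST requests arrived shortly before a spam message was queued. It assumes Apache logs in Debian's `vhost_combined` format and that the queue times of the www-data messages have already been pulled from the MTA log; the function names and all sample data are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Debian's "vhost_combined" LogFormat: %v:%p %h %l %u %t "%r" %>s %O ...
LINE = re.compile(
    r'^(?P<vhost>\S+):\d+ (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (time, vhost, method, path without query string), or None if malformed."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT)
    return ts, m["vhost"], m["method"], m["path"].split("?", 1)[0]

def rank_senders(access_lines, mail_times, window_s=5):
    """Score (vhost, script) by POSTs seen up to window_s seconds before each queued mail."""
    posts = [p for p in map(parse, access_lines) if p and p[2] == "POST"]
    window = timedelta(seconds=window_s)
    hits = Counter()
    for mail_ts in mail_times:
        for ts, vhost, _, path in posts:
            if timedelta(0) <= mail_ts - ts <= window:
                hits[(vhost, path)] += 1
    return hits.most_common()

# Constructed sample input: four access-log lines plus one malformed line.
ACCESS = [
    'shop.example.org:80 203.0.113.7 - - [12/Mar/2007:10:00:01 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"',
    'blog.example.org:80 198.51.100.4 - - [12/Mar/2007:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "-"',
    'shop.example.org:80 203.0.113.7 - - [12/Mar/2007:10:00:03 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "-"',
    'wiki.example.org:80 192.0.2.9 - - [12/Mar/2007:10:05:00 +0000] "POST /edit.php?id=3 HTTP/1.1" 302 0 "-" "-"',
    'truncated line without the expected fields',
]
# Constructed queue times of two messages sent as www-data (assumed taken from the MTA log).
MAIL_TIMES = [datetime.strptime(s, TS_FMT) for s in
              ("12/Mar/2007:10:00:02 +0000", "12/Mar/2007:10:00:04 +0000")]

if __name__ == "__main__":
    for (vhost, path), score in rank_senders(ACCESS, MAIL_TIMES):
        print(f"{score:4d}  {vhost}{path}")
```

A high score is a lead, not proof: confirm by reading the script and the request bodies for the top-ranked site.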