
Re: apache: what site is sending email from www-data


I suggest you first have a look in your web server logs; they will show you all the queries that were issued to send those spams. Second, you can have a look at http://www.php.net/mail, where you will find a very useful script in the user comments that helps keep the mail() function a bit more secure and sends alerts whenever a suspicious "content-type:", "charset=", "mime-version:", "multipart/mixed" or "bcc:" field is present.

I hope that helps,


jack wrote:
I've had this sort of thing happen a few times, and I'm wondering if anyone knows any way to figure it out, or prevent it:

You have, say, 50 websites running on your webserver (mostly PHP, some cgi). You start to notice your webserver is sending out a HUGE amount of email (which is spam). Looking at any of the messages in the mail queue, you notice all the messages are coming from www-data@host.mydomain.tld, so I know they are coming from apache, but what site is it coming from!?!

I've been curious about running PHP under fastcgi w/apache2 with FastCGIsuEXEC enabled for each site. From what I understand, doing this would make the example I gave before send out mail from (UID-SET)@host.mydomain.tld (rather than www-data) which would do exactly as I'd want.

What's your experience with this sort of thing? Any suggestions?
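
A sketch of the kind of mail() guard the reply describes, added here as an example; it is not the script from the php.net user comments and not code from either poster. The names `find_injection`, `guarded_mail` and the `X-Sending-Vhost` header are hypothetical, and the marker list is the one quoted in the reply.

```php
<?php
// Added example: hypothetical wrapper around mail(), not the php.net script.
// Marker strings are the ones listed in the reply above.
const SUSPICIOUS_MARKERS = ['content-type:', 'charset=', 'mime-version:', 'multipart/mixed', 'bcc:'];

/** Return the reasons a form-supplied value looks like a header-injection attempt. */
function find_injection(string $value): array
{
    $hits = [];
    // A raw or URL-encoded CR/LF lets the submitter start a new header line.
    if (preg_match('/[\r\n]|%0[ad]/i', $value)) {
        $hits[] = 'newline';
    }
    $lower = strtolower($value);
    foreach (SUSPICIOUS_MARKERS as $marker) {
        if (strpos($lower, $marker) !== false) {
            $hits[] = $marker;
        }
    }
    return $hits;
}

/** Send only if every header-bound field is clean; otherwise log which site was hit. */
function guarded_mail(string $to, string $subject, string $body, string $fromName, string $fromAddr): bool
{
    // Only values that end up in headers are checked; the body may legitimately contain these strings.
    $fields = ['to' => $to, 'subject' => $subject, 'from_name' => $fromName, 'from_addr' => $fromAddr];
    $vhost = preg_replace('/[^A-Za-z0-9.-]/', '', $_SERVER['SERVER_NAME'] ?? 'cli');
    foreach ($fields as $name => $value) {
        $hits = find_injection($value);
        if ($hits) {
            // Record vhost and script so the alert answers "which site?".
            error_log(sprintf('mail() blocked: field=%s hits=%s vhost=%s script=%s client=%s',
                $name, implode(',', $hits), $vhost,
                $_SERVER['SCRIPT_FILENAME'] ?? 'unknown',
                $_SERVER['REMOTE_ADDR'] ?? '-'));
            return false;
        }
    }
    if (!filter_var($fromAddr, FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    // Tag accepted mail with the sending vhost so queued messages can be traced to a site.
    $headers = 'From: ' . $fromName . ' <' . $fromAddr . ">\r\n" . 'X-Sending-Vhost: ' . $vhost;
    return mail($to, $subject, $body, $headers);
}
```

Blocked attempts land in the PHP error log with the vhost and script path, and accepted messages carry the vhost in a header, so a message sitting in the queue as www-data can still be tied to one of the 50 sites.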

