jack wrote:
I've had this sort of thing happen a few times, and I'm wondering if
anyone know's any way to figure it out, or prevent it:
You have say, 50 websites running on your webserver (mostly PHP, some
cgi). You start to notice your webserver is sending out HUGE amount of
email (which is spam). Looking at any of the messages in the mail
queue, you notice all the messages are coming from
www-data@host.mydomain.tld, so I know they are coming from apache, but
what site is it coming from!?!
You can patch PHP to add a header to all mail sent via the mail()
function which says what script actually sent the email.. Very useful!
http://www.lancs.ac.uk/~steveb/php-mail-header-patch/
Quoted from site:
The header added has the form:
X-PHP-Script: <servername><php-self> for <remote-addr>
For example:
X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1
Hope that helps.
-David.