Re: possible compromised system
- Am 28.07.2011 15:49, schrieb Michael Orlitzky:
> On 07/27/11 17:41, Reindl Harald wrote:i can and i do on a bundle of hosts for > 500 domains since
>> Am 27.07.2011 23:22, schrieb Wietse Venema:
>>> Is this machine running a webserver? Look in the access logs
>> if this is the reason consider disable smtp on 127.0.0.1
>> because most of dumb injected scripts are trying this instead
>> the network address!
>> disable php's mail()-function and every function
>> which can excecute shell commands is mandatory
>> (shell_exec, exec, popen.......)
> You can't really disable mail() on a web host, but PHP recently made it
> not-impossible to monitor its use:
nearly ten years - if you can't speak not for me!