Slightly OT: Postcard Virus/SPAM --RESOLVED
philip at zeiglers.net
Wed Oct 14 00:56:37 IST 2009
I have solved the problem. As I mentioned before, there is no way a user can log in with shell access and everything was being sent as the user apache so it had to be web related.
It turns out the server had package installed called horde which is apparently a framework for creating web applications. Also appears the the default configuration is very unsecure and allowed a hacker to create an application to send out these postcard spam/virus. Removing horde and a reboot fixed the issue.
From: "Philip Zeigler" <philip at zeiglers.net>
Date: Tue, 13 Oct 2009 17:35:09
To: <mailscanner at lists.mailscanner.info>
Subject: Slightly OT: Postcard Virus/SPAM
MailScanner mailing list
mailscanner at lists.mailscanner.info
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner