It most likely the php mail() function. With the default install/config when the mail() function sends an email it is sent by the Apache user.

If it is going to someone you know over and over (aka a client) it could be a contact us page.

Mark.

maillists wrote:

Hello List,
I have been trying to isolate attacks on my server where someone is
using apache to send spam from my host. I have been hit quite a bit in
the past 2 days. Some of my websites have web forms, but I'm pretty sure
that they are tight.
This is a new
line item in my daily Logwatch in the sendmail area that just started to
appear with the spam attacks:

<snip>
Authentication warnings:
   apache set sender to [EMAIL PROTECTED] using -f: 7 Times(s)
</snip>
([EMAIL PROTECTED] is a real user on my host.)

Does anybody know what this means?
Where should I start to find the problem?

I am using Redhat9
Apache/2.0.40
php-4.2.2-17.2
sendmail-8.12.8-9.90
sendmail-cf-8.12.8-9.90
mailscanner-4.23-11
mailscanner-mrtg-0.05-3
clamav-0.88
Interchange 5.4

Thanks!
Rick

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



--
___________________________________________
Mark McCulligh, Web Consultant
VisualTech Components www.VisualTech.ca
[EMAIL PROTECTED]
(519)318-7905


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to