From: Brian Dunning on
I'm currently geotargeting all the IPs in the log, and focusing on the hits from Russia (the majority of these apache@ spams seem to be Russian). I've got a much shorter list of scripts to look at now. Hopefully I'll find some that just use mail() with no scrubbing.
From: Ashley Sheridan on
On Mon, 2010-06-07 at 17:29 -0700, Brian Dunning wrote:

> I'm currently geotargeting all the IPs in the log, and focusing on the hits from Russia (the majority of these apache@ spams seem to be Russian). I've got a much shorter list of scripts to look at now. Hopefully I'll find some that just use mail() with no scrubbing.


I wouldn't bother wasting your time on that to be honest, as spam could
just as easily come from zombie machines, which could be scattered all
over the globe. This sort of distributed attacking seems to be more and
more commonplace these days.

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: Paul M Foster on
On Mon, Jun 07, 2010 at 02:34:23PM -0700, Brian Dunning wrote:

> I think I must have misstated the problem. Thanks to everyone for the replies, but the question is not how to fix it, it's how to find the script being attacked. Many different admins manage many different sites on this server, and I can't even begin to guess how many mail forms are on there from different programmers.
>
> I'm currently downloading the logs as Peter suggested, and will take a look. I'm not much of a sysad and I just thought maybe someone might know a way to sniff outgoing email or something; I really don't know how to attack this. Fixing the scripts is a long-term solution, obviously, but I need a short-term fix other than killing email on the apache account.
>
> Might be more of a Linux question than a PHP question.

One other piece of information maybe you left out. You say there are
many admins of many sites on this box. Do you *work* for the company
that owns or rents the box or something? Otherwise, other admins'
scripts aren't your problem, just your scripts.

Paul

--
Paul M. Foster
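
The log triage discussed in this thread, as an added example that is not part of any poster's message: it ranks PHP scripts in an Apache access log by POST volume and by number of distinct client IPs, so a heavily hit mail form stands out wherever the requests come from. The log format (Apache common/combined), the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Apache common/combined log layout:
# client ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range addresses, made-up paths).
SAMPLE_LOG = """\
203.0.113.5 - - [07/Jun/2010:14:01:02 -0700] "POST /site-a/contact.php HTTP/1.1" 200 512
198.51.100.7 - - [07/Jun/2010:14:01:03 -0700] "POST /site-a/contact.php HTTP/1.1" 200 512
192.0.2.44 - - [07/Jun/2010:14:01:05 -0700] "POST /site-a/contact.php?x=1 HTTP/1.1" 200 512
192.0.2.44 - - [07/Jun/2010:14:02:00 -0700] "GET /site-b/index.php HTTP/1.1" 200 9000
203.0.113.9 - - [07/Jun/2010:14:03:00 -0700] "POST /site-b/feedback.php HTTP/1.1" 200 300
garbage line that does not parse
203.0.113.5 - - [07/Jun/2010:14:04:00 -0700] "POST /site-a/contact.php HTTP/1.1" 200 512
"""

def rank_post_targets(lines):
    """Return [(script, post_count, distinct_ips)], busiest script first."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue  # skip unparseable lines and non-POST requests
        script = m.group("path").split("?", 1)[0]  # drop any query string
        if not script.endswith(".php"):
            continue
        hits[script] += 1
        sources[script].add(m.group("ip"))
    return sorted(
        ((s, hits[s], len(sources[s])) for s in hits),
        key=lambda row: (-row[1], row[0]),
    )

if __name__ == "__main__":
    for script, posts, ips in rank_post_targets(SAMPLE_LOG.splitlines()):
        print(f"{posts:6d} POSTs  {ips:4d} IPs  {script}")
```

On a real server, pass the open access log file object to `rank_post_targets` instead of the sample; the top entries are the scripts to read first for unfiltered input reaching mail().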