[courier-users] PHP hacked. Cleanup help please

[Geo]

Good afternoon,

Sending this from gmail. I'm hoping it doesn't butcher the formatting
or make this unreadable or inconvenient for anyone.

I was recently hit with a php hack, and that allowed the kiddie to
move files and send mail as user 'nobody'. Like, 380,000 over 18
hours. My first attempt at cleaning this up was to generate a list of
all the mailids that matched user 'nobody' and use 'cancelmsg' to get
rid of them. However, from what I'm seeing in the mail logs, that
still means they have to come up in queue and be processed before
they'll get cancelled.

It also doesn't appear to be foolproof, as I'm still seeing some of
those messages processing in what appears to be a normal fashion. So,
2 questions:

1) What did I miss? Shouldn't that have gotten rid of *any* message
from that sender?

2) Was/is there a more efficient way to wholesale delete the messages
from the queue without even having to process them? I briefly thought
of having a script tree-walk through the msgs folders and start
removing files that matches patterns, but wanted to try for simpler
methods first.

I look forward to any assistance.

Regards,

- zj


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users