Your web server has a compromised script. Turn off Apache until you fix the problem.
-- Noel Jones "ASAI" <a...@globalchangemusic.org> wrote: >Greetings, > >In the logs I have been seeing many attempts made to send messages to >gmail which seem like there's spam being sent from my server. In the >logs I see this: > >Dec 24 00:05:11 triata amavis[29729]: (29729-06) Passed CLEAN, ><apa...@triata.globalchangemultimedia.net> -> ><ickovjulee...@gmail.com>, >Message-ID: ><20101224070510.bf7acfd8...@triata.globalchangemultimedia.net>, >mail_id: >s69xqJA1Kuer, Hits: -2.6, size: 669, queued_as: 9F457FD80A9, 898 ms >Dec 24 00:05:11 triata postfix/smtp[1065]: BF7ACFD8063: >to=<ickovjulee...@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, >delay=1, >delays=0.09/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as > >9F457FD80A9) > >What is a problem is that there is no user named apa...@triata... and >this user is sending hundreds of emails out to Gmail. So it looks like > >there's been a compromise. My question is, how do I begin to plug this > >hole?