Dera, Would you provide me the script. thnx, saki
--- Tom Collins <[EMAIL PROTECTED]> wrote: > On Mar 30, 2006, at 3:10 PM, Bill Shupp wrote: > > Bob Hutchinson wrote: > >> depending on how many users you have, try to find > any php scripts > >> containing > >> 'mail'. If they also contain the above your're > getting somewhere. Of > >> course > >> cgi-bin is also a possibility. Look for > 'mailform' or formmail' etc > >> > >> hope you get lucky > > > > Note that POST values are not logged, so searching > logs may not reveal > > anything. I have better luck looking for dates > that correspond to the > > date of the message. > > When I was under a similar attack, the spams were > going out but the web > logs were going to an error_log. > > My solution was to write a short Perl script that > checked all of the > log file sizes, waited a minute and then checked > again. This narrowed > down the list of possible virtual hosts that were > under attack. > > -- > Tom Collins - [EMAIL PROTECTED] > QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: > http://vpopmail.sf.net/ > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com