user "apache" email
We have a box that contains user-installed scripts (php/perl/mysql - same as normal share hosting environment), we suspect it's sending out spam (email admin already put a cap on this server). However maillog only shows user apache so we suspect it's one of the web applications/scripts has been compromised. We only inherited this box recently (I really want to get rid of it...). Normally in our environment it's one web application per box and mostly for internal use only therefore figure out which script is sending out email is simple.
How do I figure out which script/webapp (running as apache) is sending out email?
|