From: Kevin Pang (no email)
Date: Sun May 15 2005 - 12:44:01 EDT
"Robin Lynn Frank" wrote:
> There is a known exploit of all but the most recent Awstats that can
> produce exactly this type of problem. There was a thread on this list
> several months ago. Check the archives.
Unfortunately I can't find any threads related with Awstats exploit. I
didn't Awstats could also be used as mail log analyzer and I use it for
apache log only.
The spam email entry in the log file look like:
May 14 14:55:03 pang postfix/smtp: EC0C595C90: to=<>,
relay=mail2.iecc.com[18.104.22.168], delay=724, status=sent (250 ok
1116100192 qp 2255)
What kind of information can I get from it? It would be great if I can find
which script the spammer used, then I can remove it and start my mail server
again. Also probably find how the spammer achieve it.
David Cary Hart Wrote:
>As an aside, your IPa(s) are now probably listed in one or more RBLs
>(block lists). You'll need to review this and request removal AFTER you
>are sure that the problem is solved.
Thanks for the reminding. I will do it after I fix the problem.