Spammer exploiting a PHP site, but can't figure out which site - help!
Posted on 2006-05-21
We have a spammer currently using I assume POST/Register_Globals to abuse an open form and is using our webserver to push spam through the SMTP server.
Problem is, this box runs a lot of websites and I have no idea how to start figuring out which site is the site that needs to be fixed up.
Does anyone have an easy method (or set of strings to grep) to try and parse some logs and work out which site is being exploited?