[BlueOnyx:10150] Trojans and backdoors?

Darren Shea dshea at ecpi.com
Tue Apr 17 12:34:44 -05 2012


Our BlueOnyx system seems to have been compromised by some sort of php-based
Trojan which is allowing spammers to send spam through the webserver. We're
having a hard time tracking it down to a particular virtual site, and
shutting off php for all users is not an option - besides the people using
WordPress and shopping carts, the SquirrelMail interface breaks when php is
shut off.

Are there any updates which can help with this? We are using the SolarSpeed
5106R-PHP-5.3.8-SOL3AV package, and given all the issues we had getting the
two different versions of php to play nice on BlueOnyx, we don't want to be
too aggressive with upgrading.

Also, is there a way to simply block the webserver from sending out on port
25?
 
Thank you,
  Darren
  ECPI Western Broadband
  (512)257-1077
  (254)213-6116 fax 




