- 论坛徽章:
- 0
|
[root@web log]# php -v
PHP 5.2.1 (cli) (built: Jun 27 2007 02:13:17)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with Zend Extension Manager v1.2.0, Copyright (c) 2003-2007, by Zend Technologies
with Zend Optimizer v3.2.8, Copyright (c) 1998-2007, by Zend Technologies
[root@web log]# apachectl -v
Server version: Apache/2.2.3
Server built: Mar 21 2007 19:10:36
运行了sendmail用来发送系统日志Logwatch,在系统邮件发送日志中发现有对外发送邮件的记录
Oct 6 10:52:39 web sendmail[10530]: m962qdtn010530: from=<daemon@web.xxxxx.cn>, size=1571, class=0, nrcpts=1, msgid=<200810060252.m962qduN010529@web.xxxxxxxxxx.cn>, proto=ESMTP, daemon=MTA, relay=web.xxxxxxxxxxx.cn [127.0.0.1]
Oct 6 10:52:39 web sendmail[10529]: m962qduN010529: to==?gbk?B?bG9uZ2Jpbg==?= <longbin@xxxxxxxx.cn>, ctladdr=daemon (2/2), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31346, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m962qdtn010530 Message accepted for delivery)
看发信用户是apache的用户daemon发送的
现在是在想是不是有人在网页中用什么漏洞或方法发送的呢? |
|