PHP spam trackdown
Got someone using a PHP script to send a flood of email to someone. Here's all I can get from maillog:
Aug 8 00:58:57 www6 qmail: 1028786337.575722 info msg 1624261: bytes 3783 from <anonymous@www6.dixiesys.com> qp 30306 uid 48
Aug 8 01:00:49 www6 qmail: 1028786449.068190 starting delivery 30663: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 01:13:49 www6 qmail: 1028787229.404824 starting delivery 34236: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 01:40:36 www6 qmail: 1028788836.720326 starting delivery 36538: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 02:21:03 www6 qmail: 1028791263.975010 starting delivery 38914: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 02:21:04 www6 qmail: 1028791264.988152 end msg 1624261
A search for kctomahork in all of the access_logs was fruitless; doing a search of all files in /vhosts/blah/httpdocs right now to see if maybe the email is hardcoded into the PHP script.
ANY other ideas? I'd like to find this little bastard so I can nuke the account appropriately.
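The qmail lines quoted in the post can be folded into one record per message. This added example, which is not part of the original post, parses the three line formats shown there (info msg, starting delivery, end msg) and reports the injecting uid, the qp value, the queue timestamp and the delivery attempts per recipient. The function and field names are assumptions chosen for this example.

```python
import re
from collections import Counter

# Constructed sample input: the qmail lines quoted in the post.
SAMPLE_LOG = """\
Aug 8 00:58:57 www6 qmail: 1028786337.575722 info msg 1624261: bytes 3783 from <anonymous@www6.dixiesys.com> qp 30306 uid 48
Aug 8 01:00:49 www6 qmail: 1028786449.068190 starting delivery 30663: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 01:13:49 www6 qmail: 1028787229.404824 starting delivery 34236: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 01:40:36 www6 qmail: 1028788836.720326 starting delivery 36538: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 02:21:03 www6 qmail: 1028791263.975010 starting delivery 38914: msg 1624261 to remote kctomahork@yahoo.com
Aug 8 02:21:04 www6 qmail: 1028791264.988152 end msg 1624261
"""

INFO = re.compile(r"qmail: (\d+\.\d+) info msg (\d+): bytes (\d+) "
                  r"from <([^>]*)> qp (\d+) uid (\d+)")
DELIVERY = re.compile(r"qmail: \d+\.\d+ starting delivery \d+: "
                      r"msg (\d+) to (?:remote|local) (\S+)")
END = re.compile(r"qmail: (\d+\.\d+) end msg (\d+)")

def summarize(log_text):
    """Return one record per queued message, finished messages first."""
    open_msgs, done = {}, []
    for line in log_text.splitlines():
        if m := INFO.search(line):
            ts, msg, size, sender, qp, uid = m.groups()
            # qmail reuses msg numbers, so each "info msg" starts a new record.
            open_msgs[msg] = {"msg": int(msg), "queued": float(ts),
                              "bytes": int(size), "sender": sender,
                              "qp": int(qp), "uid": int(uid),
                              "attempts": Counter(), "ended": None}
        elif m := DELIVERY.search(line):
            msg, rcpt = m.groups()
            if msg in open_msgs:  # skip messages queued before the log starts
                open_msgs[msg]["attempts"][rcpt] += 1
        elif m := END.search(line):
            ts, msg = m.groups()
            if msg in open_msgs:
                rec = open_msgs.pop(msg)
                rec["ended"] = float(ts)
                done.append(rec)
    return done + list(open_msgs.values())  # still-queued messages go last

def per_uid(records):
    """Count queued messages per injecting uid."""
    return Counter(r["uid"] for r in records)
```

Run over a full maillog, `per_uid(summarize(text))` shows which uid is injecting the bulk of the messages, and each record's `queued` timestamp gives the moment that message entered the queue.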