server hacked for spamming.

Hi,

one of my clients server got serverly hacked..and was used for spamming..

now what exactly is happening is..

i think that due to some vunerebilty in phpbb the hacker got access to the tmp directory and was sending emails using nobody through my clients domain
from multiplenames@domain.com

now i tried to find a file which said that .. by phpHS and removed it..
i had permisison i set on it so the root user was non even able to remove it. I changed the permisison and it was removed.

but still the emails are being send using the server;s smtp.

does anybody has any idea how to deal with me.



the file i deleted had the starting contents as under

A powerful php shell program by Hacker Vietnam Association



* Coded for HVA member and Luke's friends to exploit shell



* commands in Unix server. If you have any trouble or suggetion



* contact Luke at hainamluke@hotmail.com or http://hackervn.net



* Special thanks to :



* dodo@****microsoft.com



* con_qua@yahoo.com



* trancongminh@yahoo.com



* HVA Groups



* and people who made PHP Explorer, PHP RemView etc..




if anybody had this kind of thing please help me to get my clients server from being spammed.

thanks

 

 

 

 

Top