Investigating SPAM mail - hidden insecure PHP script

Hi

My friend is getting comlpaints from his hosting Co (sagonet) that his server is sending some spam mails when he is actually isnt sending any such mail. He hardly uses email on the server.

So the Hosting Co had disabled th IP for sometime - did some investigation.

One mail was like :
From an observation standpoint, it appears you may have an insecure PHP script hosted on your server somewhere
I told my friend to disable SMTP and Shell Access.

The last mail was:
Please check your network settings. It appears you have a script that is setting you duplex and speed to 10Full when your switch port is set to 100Full. Your server is now accessible via ssh and ping.
Any idea what this means ?

And how do I get files ? I have ftp access but dont know where to start. Check all php files containing mail() function ?

It seems no one else has access to the server. Any chance someone could have uploaded a script ?

Thanks

 

 

 

 

Top