Webserver being used for creating spam.

Status
Not open for further replies.
My httpd version is 2.2.3

I am running Drupal CMS, and I keep getting messages in the Postfix queue from apache with faked domain email addresses, e.g. Firstname_lastname@mydomain.com

I only have ports 80 and 443 open through the firewall.

Is this a Drupal form issue or an httpd server issue?
 
You're running version 2.2.3, which was released on Fri, 28 Jul 2006. This is seriously outdated and suggests that your system is likely in similar condition and is undoubtedly contributing to your being compromised. Drupal may also be the source of many vulnerabilities, as well as the underlying PHP. As for your question of whether it is a server or Drupal issue, the short answer is undoubtedly both.
 
Server version: Apache/2.2.3
Server built: Nov 8 2012 10:44:37

PHP 5.3.3 (cli) (built: May 4 2012 07:52:25)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
 
If you are interested in performing a forensic investigation into the compromise, I would recommend posting on the security forum of Linuxquestions.org and asking for help. If you are not, then I would wipe the system completely, bring everything up to date, and carefully examine all web content and user files while moving things over one step at a time.
 
All sorted now.

Just a matter of the access.log and the postcat command.

Drupal patched, mailq is clean.

Thanks
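The approach the last post mentions, lining up a queued message shown by postcat with the requests recorded in access.log, as an added example that is not code from the thread. The sample postcat output and log lines are constructed, the function names are hypothetical, and it assumes both timestamps are in the server's local time.

```python
import re
from datetime import datetime

# Constructed sample: fragment of `postcat -q <queue-id>` output for one queued message.
POSTCAT_SAMPLE = """\
*** ENVELOPE RECORDS deferred/A/A1B2C3D4E5 ***
message_arrival_time: Mon Mar 11 09:15:02 2013
sender: apache@mydomain.com
*** MESSAGE CONTENTS deferred/A/A1B2C3D4E5 ***
From: Firstname_lastname@mydomain.com
"""

# Constructed sample: Apache combined-format access.log lines.
ACCESS_SAMPLE = """\
203.0.113.7 - - [11/Mar/2013:09:14:58 +0000] "GET /node/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [11/Mar/2013:09:15:01 +0000] "POST /contact HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.4 - - [11/Mar/2013:09:40:00 +0000] "POST /user/login HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

ARRIVAL_RE = re.compile(r"^message_arrival_time:\s+(.+)$", re.M)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def arrival_time(postcat_text):
    """Return the time the message entered the Postfix queue."""
    m = ARRIVAL_RE.search(postcat_text)
    if m is None:
        raise ValueError("no message_arrival_time record found")
    return datetime.strptime(m.group(1).strip(), "%a %b %d %H:%M:%S %Y")

def candidate_requests(postcat_text, access_text, window_s=30):
    """List POST requests logged within window_s seconds of the message arrival."""
    arrived = arrival_time(postcat_text)
    hits = []
    for line in access_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S")
        if method == "POST" and abs((arrived - when).total_seconds()) <= window_s:
            hits.append((ip, when.isoformat(), path, int(status)))
    return hits

if __name__ == "__main__":
    for hit in candidate_requests(POSTCAT_SAMPLE, ACCESS_SAMPLE):
        print(hit)
```

The request path that keeps appearing next to queued messages points at the form or script to patch or disable.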
 