Topic: tracking down php script sending spam

[Qwazi]

Aloha from Maui,

I have a website hosted on a windows 2008 server R2 using IIS7 and PHP (5.6 I believe) with fastCGI. I did not create the site and I'm not PHP friendly. The creator is quite the newbie as well but he used Joomla and did a pretty good job on the site. However, he doesn't know how to turn off all the email features. There is no "contact us" form or "send to a friend" link, it's just a basic static site.

The IP address wound up on the RBL's because this website is spamming. I tried locking down port 25 on the windows firewall but it somehow manages to find its way around. Blocking port 25 at the router is not a good solution because this thing keeps trying to spam and it's slowing the machine way down.

I've tried looking at various logs. I could never make the PHP log work but I looked at the IIS logs, SQL logs, etc. and couldn't find anything related to what PHP file is doing this.

Anybody want to try and help me locate this?

Thanks in advance.

[James Blond]

From PHP 5.3 you can log the script and the mail

see http://php.net/manual/en/mail.configuration.php

if you still have a question plese ask again.

[Qwazi]

OK, so I read that entire article and all the replies. I don't know what to do.

I've modified the PHP.INI file. I simply commented out all the mail functions but it still sends mail.

If I set these functions specific, what would I use to simply stop all mail from occuring? Or could I set it up to at least dump these emails in someplace benign?

Thanks again.

[James Blond]

You need to set it like