On Tue, 2006-05-23 at 02:45, Paul Howarth wrote: > I don't think that's what this is. Form spam takes advantage of > poorly-coded mail/contact forms and uses them to send mail to recipients > other than those intended by the form designer. > > What's happening here is that the spammer is running their own code > (downloaded into /tmp) to send the mail, a rather more serious > situation. If you have ssh access open there's a fair chance that someone has done a brute-force password guess. There is a lot of that going around. Or you didn't apply all of the current updates before exposing the system to the internet. -- Les Mikesell lesmikesell@xxxxxxxxx