• We value your experience with Plesk during 2025
    Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
    Please take this short survey:
    https://survey.webpros.com/

Php script on vhosts

D

DeltaFox2211

New Pleskian
Hello everyone,

Last night i found out that someone manipulated one of my domains.
They are now sending through a php script spam mails.

I tried the following things.
1.) I installed a sendmail-wrapper but that wasn't working don't know why, did everything what was in the plesk FAQ
2.) I was searching for the script in every directory

So now here comes the suspicious part.

I got mails from the mailer daemon and he said the UID and name of the script were 10003 and the script has the name utf.php
So i did the following.
I searched in passwd for the UID number 10003
And i discovered that there is no user with the UID 10003
Ok then i did the following i searched on the whole server with the command find -iname 'utf.php' but nothing returned.

So my question is how do i find the script and why is the mailer-daemon sending me this stuff and why is there no user with the id 10003 but the mailer-daemon says there is one.?


Hope someone can help me because i am now at the end of my possibilities..

My specs:.
Plesk 11.0
Ubuntu Server 10.04 LTS
Qmail
 
You must log in or register to reply here.

Similar threads

B
Question Couple adjustments for local sending, templates bouncing, and preventing local to spam
Replies
2
Views
243
Bossman
B
enerspace
Question Bounce emails end up in spam – DMARC triggered on local deliveries?
Replies
0
Views
1K
enerspace
enerspace
P
Resolved php8.3-fpm error since July 18th, 2025
Replies
7
Views
4K
PeterKi
P
T
Resolved PHP-FPM Opcache bug - warning repeatedly thrown and logged in error log
Replies
12
Views
5K
Sebahat.hadzhi
Sebahat.hadzhi
Jeff HANRIOT
Input MariaDB 11.4 migration
Replies
2
Views
1K
learning_curve
learning_curve
Back
Top