I recently moved a website to a Win 2008 server. This is the only PHP site I host. I am more or less a newbie to PHP. I didn't create the site, I just moved it.
After discovering we were on RBLs, I found that there is a PHP script spamming through my server. The only way I can stop it is to rename php-cgi.exe. Obviously that takes the site down.
This is a simple website and it doesn't have any contact forms or any reason to send email. I have disabled port 25 via the firewall, but this script manages to work around that. I installed Wireshark to watch it flood SMTP traffic as soon as that php-cgi file becomes active.
There are thousands of PHP files on this machine. I have no clue how to find or stop this script. Isn't there an easy way to disable this?
Help much appreciated.
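
One way to narrow down which of the thousands of PHP files is sending mail, as an added example that is not part of the original post: a Python triage scan that ranks files by how many mail-sending and obfuscation indicators they contain. The indicator list, the function names and the three sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics, not exhaustive. A hit is a lead for manual review,
# not proof that the file is the mailer.
INDICATORS = {
    "mail_call": re.compile(rb"\bmail\s*\(", re.I),
    "raw_socket": re.compile(rb"\b(fsockopen|stream_socket_client|socket_create)\s*\(", re.I),
    "smtp_verbs": re.compile(rb"(RCPT TO:|MAIL FROM:)", re.I),
    "dynamic_eval": re.compile(rb"\b(eval|create_function)\s*\(", re.I),
    "decoder": re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
}

def scan_file(path):
    """Return the sorted indicator names that match the file's raw bytes."""
    data = Path(path).read_bytes()
    return sorted(name for name, rx in INDICATORS.items() if rx.search(data))

def scan_tree(root, exts=(".php", ".phtml", ".inc")):
    """Return (relative path, hits), most indicators first, then newest mtime."""
    found = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        try:
            hits, mtime = scan_file(path), path.stat().st_mtime
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        if hits:
            found.append((-len(hits), -mtime, path.relative_to(root).as_posix(), hits))
    return [(rel, hits) for _n, _m, rel, hits in sorted(found)]

def demo():
    """Scan a constructed three-file site (sample data, not from the post)."""
    samples = {
        "index.php": b"<?php echo 'Welcome'; ?>",
        "about.php": b"<?php mail($to, $subject, $body); ?>",
        "img/cache.php": b"<?php eval(gzinflate(base64_decode($blob))); "
                         b"$s = fsockopen($h, $p); fputs($s, 'MAIL FROM:<a@b>'); ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `scan_tree` at the site's document root; files that hit several indicators, especially recently modified ones in upload or image directories, are the first to review by hand.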