It all started with an email from my Linode server telling me
"Linode Alert - disk io rate".
After deleting manually many email messages using the following command:
# postsuper -d ALL deferred postsuper: Deleted: 146 messages
I had to start finding the problem…
What almost solved the problem was creating PHP logs about emails:
# find . -name php.ini ./php5/cli/php.ini ./php5/apache2filter/php.ini ; The path to a log file that will log all mail() calls. Log entries include ; the full path of the script, line number, To address and headers. ;mail.log = mail.log = /var/log/php.mail.log
Changed permissions to
/var/log/php.mail.log so that it can be written by everyone…
Then I was able to produce really useful output
There was a php script called
sys09725827.php on both my WordPress and Drupal installations!
I deleted the script and everything is fine now.
The following link from Drupal.org helped a lot: https://drupal.org/SA-CORE-2013-003
Had to edit:
# cat /tmp/.htaccess SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 Deny from all Options None Options +FollowSymLinks # Set the catch-all handler to prevent scripts from being executed. SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 # Override the handler again if we're run later in the evaluation list. SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 # If we know how to do it safely, disable the PHP engine entirely. php_flag engine off