Hi! I'm not sure if the following problem is directly related to ISPConfig, but maybe someone here knows: Last night, 2 of our webservers started sending a lot of spam, originating from php-files which were apparently injected into the web folder of several clients. I was able to stop the problem by just deleting the offending files, but I am quite worried how this could happen. All the sites were Drupal 7 Sites. One webserver runs apache2, the other one nginx. ISPconfig 184.108.40.206 is running on both servers. The php-files were located in seemingly random folders in the drupal installation. For example in /web/sites/all/modules/contrib/panels/plugins/page_wizards/alias.php. The php maillog states the following: Code: [22-Oct-2014 07:30:51 UTC] mail() on [/var/www/clients/client11/web22/web/sites/all/modules/contrib/panels/plugins/page_wizards/alias.php(235) : eval()'d code:173]: To: firstname.lastname@example.org -- Headers: From: "FedEx Standard Overnight" <email@example.com> X-Mailer: EircomNetCRCWebmail(http://www.eircom.net/) Reply-To: "FedEx Standard Overnight" <firstname.lastname@example.org> Mime-Version: 1.0 Content-Type: multipart/alternative;boundary= "----------141396305154475D2B66A00" Does anyone have some pointers how this could have happened, or what can be done to prevent such behaviour.