Hi! I'm not sure if the following problem is directly related to ISPConfig, but maybe someone here knows: Last night, 2 of our webservers started sending a lot of spam, originating from php-files which were apparently injected into the web folder of several clients. I was able to stop the problem by just deleting the offending files, but I am quite worried how this could happen. All the sites were Drupal 7 Sites. One webserver runs apache2, the other one nginx. ISPconfig 126.96.36.199 is running on both servers. The php-files were located in seemingly random folders in the drupal installation. For example in /web/sites/all/modules/contrib/panels/plugins/page_wizards/alias.php. The php maillog states the following: Code: [22-Oct-2014 07:30:51 UTC] mail() on [/var/www/clients/client11/web22/web/sites/all/modules/contrib/panels/plugins/page_wizards/alias.php(235) : eval()'d code:173]: To: [email protected][email protected][email protected] Does anyone have some pointers how this could have happened, or what can be done to prevent such behaviour.