Just a security-related heads-up for admins and account holders.
 
One of our servers was reported to spamcop on the 15th for sending of paypal phishing scam emails. As the administrator of the server, I was tasked to finding the source of the offending email and stopping it.
 
After searching through the server logs for the better part of a day, the suexec_log revealed a suspicious script being accessed near the same time that the mail log reported the message was sent. The script was under someone\'s cgi-bin and called mt.cgi. This was an extremely clever move on the part of the perpetrator since the file name mt.cgi is a common file name used for the popular script "Movable Type". Our client\'s mt.cgi was uploaded on the day that the spam was sent, which tipped me off to take a look at it closer.
It appears that a domain user had some files in his cgi-bin named upload.cgi and formmail.cgi. It was only a matter of time before someone on the internet figured it out and uploaded the shell script Gamma Web Shell (the mt.cgi) and blasted out this SPAM to hundreds of victims.
 
We are informing the client of the danger of insecure scripts on his account and in the meantime have suspended his account and taken away cgi permission.
 
WATCH YOUR UPLOAD SCRIPTS! This is the second time this month we have had a server abuse problem due to neglected upload scripts.
 
I hope this is helpful to you.  If you have any more information on phishing or other exploits using Gamma Web Shell, post it here.

Fortunately, our web server IP was not blacklisted since we were able to diagnose and fix the problem so quickly.