Skip to main content

Sending SPAM e-mails

Comments

5 comments

  • triantech
    Hey, It would probably have to do with invalid scripts in any of your domain which is casing this. You might want to check from which domain the script is coming from. A one-liner which would help you : ( try this command via SSH and see if you can locate the scripts ) - awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1 Thank you
    0
  • cPanelMichael
    Hello :) In addition to the previous reply, you may also find the following document helpful: Prevent Email Abuse Thank you.
    0
  • wbxservicos
    That was the answer : [13:13:09 root@default ~]# awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1 1 cwd=/home/postonb 1 cwd=/home/servidores/public_html/wp-admin 1 cwd=/home/shopping/public_html 1 cwd=/home/wbxservicos/public_html 1 cwd=/home/zzagcom/public_html 2 cwd=/home/andreiab/public_html 2 cwd=/home/andreiab/public_html/wp-admin 4 cwd=/home/auditiva/public_html 4 cwd=/home/revended 4 cwd=/home/tagboxco 4 cwd=/home/zzagcom 5 cwd=/home/servidores/public_html 6 cwd=/home/i9buscom/public_html 6 cwd=/home/marmocom/public_html 7 cwd=/home/balisunc/public_html/wp-admin 13 cwd=/home/panorami 20 cwd=/home/bwwlogcom/public_html 33 cwd=/home/agencia110/public_html/projeto/preambulo 44 cwd=/home/agencia110/public_html/projeto/idealsoft/ws 70 cwd=/home/balisunc/public_html 317 cwd=/home/webeerap 364 cwd=/home/jujordao/public_html/wp-content/plugins/types/embedded/onthego-resources/onthegosystems-icons/css
    I would like to know what this result means ?
    0
  • cPanelMichael
    The number on the left is the number of entries for that directory /var/log/exim_mainlog, indicating the script in that directory is sending email. Check the directories with high sending numbers to ensure legitimate mail is coming from them. Thank you.
    0
  • triantech
    Hey, You might check the scripts in '/home/jujordao/public_html/wp-content/plugins/types/embedded/onthego-resources/onthegosystems-icons/css' are safe ones. vulnerable WP plugins have been causing these sorta issues for a loooong time !
    0

Please sign in to leave a comment.