Skip to main content

Check which script or file sending spam mail

Comments

5 comments

  • Eminds
    It needs a course of commands to find the script that is spamming, the logs and the outputs needs to be monitored. still.... use the below command to see from where the spams are initiating. head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'
    0
  • SysSachin
    Hi, You have to find out spamming php script using below command also.
    tail -n 1000 /var/log/exim_mainlog | grep /home
    The above command will display the spam script path.
    0
  • cPanelMichael
    Hello, You may also find these documents helpful: Thank you.
    0
  • samuelmf
    I have used the comands head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}' Output:
    root@opower [/]# head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr| head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}' 2022-01-16 1128 cwd=/usr/local/cpanel/whostmgr/docroot 92 cwd=/home/wwwcep 11 cwd=/home/peihap/public_html 4 cwd=/tmp 4 cwd=/home/oronegro/public_html 3 cwd=/home/wwwcep/public_html 3 cwd=/home/nortepalmeras/public_html 2 cwd=/home/pelccom/public_html 2 cwd=/home/cafepassmar/public_html 2 cwd=/home/bruckenenergyser/public_html 1 cwd=/root 1 cwd=/home/peihap/public_html/wp.peihap/wp-admin 2022-01-16
    root@opower [/]# tail -n 1000 /var/log/exim_mainlog | grep /home root@opower [/]# Empty My exim queue is still recieving email from peihap to send to gmail and other providers I couldn't find the cause
    0
  • quietFinn
    You can prevent the cPanel account from sending emails, look here for info:
    0

Please sign in to leave a comment.