Check which script or file is sending spam mail
How can I check which script or file is sending spam mail?
I opened a ticket 2-3 times about one of my accounts sending spam mail, and they told me that a PHP file is sending it and to remove that file. Can you tell me that command so I can check myself every time, and how can I stop them?
-
It takes a course of commands to find the script that is spamming; the logs and the outputs need to be monitored. Still, use the command below to see where the spam is originating from.

    head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'

-
Hi,
You can also find the spamming PHP script using the command below.

    tail -n 1000 /var/log/exim_mainlog | grep /home

The above command will display the spam script path.
-
Hello,
You may also find these documents helpful:
Thank you.
-
I have used the commands

    head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'

Output:

    root@opower [/]# head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr| head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'
    2022-01-16
    1128 cwd=/usr/local/cpanel/whostmgr/docroot
    92 cwd=/home/wwwcep
    11 cwd=/home/peihap/public_html
    4 cwd=/tmp
    4 cwd=/home/oronegro/public_html
    3 cwd=/home/wwwcep/public_html
    3 cwd=/home/nortepalmeras/public_html
    2 cwd=/home/pelccom/public_html
    2 cwd=/home/cafepassmar/public_html
    2 cwd=/home/bruckenenergyser/public_html
    1 cwd=/root
    1 cwd=/home/peihap/public_html/wp.peihap/wp-admin
    2022-01-16
    root@opower [/]# tail -n 1000 /var/log/exim_mainlog | grep /home
    root@opower [/]#

Empty

My exim queue is still receiving email from peihap to send to Gmail and other providers. I couldn't find the cause.
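
An added example, not written by any poster in this thread, that goes a little beyond the commands above: it scans the whole log, keeps only `cwd=` paths under `/home` before counting, and also counts locally submitted messages per system user from the `<=` arrival lines. The sample log, account names and message ids are constructed, and the script assumes the standard Exim arrival-line fields `U=` and `P=local`.

```shell
#!/bin/sh
# Added example. Sample lines are constructed in Exim mainlog format;
# the account names and message ids are made up.
sample_log() {
cat <<'EOF'
2022-01-16 10:00:01 cwd=/home/acct1/public_html/blog 3 args: /usr/sbin/sendmail -t -i
2022-01-16 10:00:01 1n9AbC-0001aB-Cd <= acct1@host.example U=acct1 P=local S=812
2022-01-16 10:00:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1n9AbC-0001aB-Cd
2022-01-16 10:00:05 cwd=/home/acct1/public_html/blog 3 args: /usr/sbin/sendmail -t -i
2022-01-16 10:00:05 1n9AbD-0001aC-Ef <= acct1@host.example U=acct1 P=local S=815
2022-01-16 10:01:00 cwd=/home/acct2/public_html 3 args: /usr/sbin/sendmail -t -i
2022-01-16 10:01:00 1n9AbE-0001aD-Gh <= acct2@host.example U=acct2 P=local S=640
2022-01-16 10:02:00 1n9AbF-0001aE-Ij <= someone@remote.example H=mx.remote.example [192.0.2.10] P=esmtp S=2048
EOF
}

# Count mail-submitting process launches per working directory under /home.
# Filtering happens before counting, so system directories cannot push
# account directories out of the result.
cwd_counts() {
  awk '$3 ~ /^cwd=\/home\// { d = substr($3, 5); n[d]++ }
       END { for (d in n) print n[d], d }' "$1" | sort -k1,1nr -k2,2
}

# Count locally submitted messages per system user: arrival lines ("<=")
# that carry P=local and a U=<user> field.
local_senders() {
  awk '$4 == "<=" && / P=local( |$)/ {
         for (i = 5; i <= NF; i++) if ($i ~ /^U=/) n[substr($i, 3)]++
       }
       END { for (u in n) print n[u], u }' "$1" | sort -k1,1nr -k2,2
}

# Use the log given as the first argument, or the constructed sample.
log=${1:-}
if [ -z "$log" ]; then
  log=$(mktemp); sample_log > "$log"; trap 'rm -f "$log"' EXIT
fi
echo "sendmail calls per directory:"; cwd_counts "$log"
echo "local submissions per user:";   local_senders "$log"
```

Run it as root with `/var/log/exim_mainlog` as the argument; a directory or user with a count far above the rest is where to start looking for the sending script.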