Locating Spam Sending Scripts
-
- Posts: 1
- Joined: Thu Nov 03, 2016 2:10 am
Locating Spam Sending Scripts
My server recently started sending mass spam emails. How do I go about finding the location of the problem? I'm running Debian 8.
-
- Posts: 31
- Joined: Wed Jul 13, 2016 1:35 pm
Re: Locating Spam Sending Scripts
ADHOC
You can try add mail() function to disable_functions in php.ini
You can try add mail() function to disable_functions in php.ini
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Locating Spam Sending Scripts
Its a long and tedious process freind.. their is no quick remedy I'm afraid.Lavenblade wrote:My server recently started sending mass spam emails. How do I go about finding the location of the problem? I'm running Debian 8.
>. read mail header from the queue, using exim -Mvh <mailqID> see which script is firing mail.
also
>. Make sure all domains are hosted under separate individual VestaCP users
>. Use eximstats -nr -html -byemaildomain -bydomain /var/log/exim4/mainlog | less > report.html
and read which domain is sending domains.
>. maldet your server to know which script files are not good
Re: Locating Spam Sending Scripts
I'm sure you have it fixed by now, but for anyone that finds this thread, this is a great tool.
In your php.ini file add this code. Modify the log path to your liking.
Keep an eye on your log file for the spam scripts.
More information here:
https://blog.rimuhosting.com/2012/09/20 ... ur-server/
In your php.ini file add this code. Modify the log path to your liking.
Code: Select all
mail.add_x_header = On
mail.log = /var/log/phpmail.log
More information here:
https://blog.rimuhosting.com/2012/09/20 ... ur-server/