We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Locating Spam Sending Scripts
-
- Posts: 1
- Joined: Thu Nov 03, 2016 2:10 am
Locating Spam Sending Scripts
My server recently started sending mass spam emails. How do I go about finding the location of the problem? I'm running Debian 8.
-
- Posts: 31
- Joined: Wed Jul 13, 2016 1:35 pm
Re: Locating Spam Sending Scripts
ADHOC
You can try add mail() function to disable_functions in php.ini
You can try add mail() function to disable_functions in php.ini
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Locating Spam Sending Scripts
Its a long and tedious process freind.. their is no quick remedy I'm afraid.Lavenblade wrote:My server recently started sending mass spam emails. How do I go about finding the location of the problem? I'm running Debian 8.
>. read mail header from the queue, using exim -Mvh <mailqID> see which script is firing mail.
also
>. Make sure all domains are hosted under separate individual VestaCP users
>. Use eximstats -nr -html -byemaildomain -bydomain /var/log/exim4/mainlog | less > report.html
and read which domain is sending domains.
>. maldet your server to know which script files are not good
Re: Locating Spam Sending Scripts
I'm sure you have it fixed by now, but for anyone that finds this thread, this is a great tool.
In your php.ini file add this code. Modify the log path to your liking.
Keep an eye on your log file for the spam scripts.
More information here:
https://blog.rimuhosting.com/2012/09/20 ... ur-server/
In your php.ini file add this code. Modify the log path to your liking.
Code: Select all
mail.add_x_header = On
mail.log = /var/log/phpmail.log
More information here:
https://blog.rimuhosting.com/2012/09/20 ... ur-server/