Locating Spam Sending Scripts

Posted: Wed Nov 30, 2016 10:29 pm
by Lavenblade
My server recently started sending mass spam emails. How do I go about finding the location of the problem? I'm running Debian 8.

Re: Locating Spam Sending Scripts

Posted: Tue Dec 13, 2016 9:02 pm
by DarthVader
ADHOC

You can try adding the mail() function to disable_functions in php.ini.

Re: Locating Spam Sending Scripts

Posted: Wed Dec 14, 2016 6:40 am
by mehargags
Lavenblade wrote: My server recently started sending mass spam emails. How do I go about finding the location of the problem? I'm running Debian 8.

It's a long and tedious process, friend... there is no quick remedy, I'm afraid.

>. Read the mail header from the queue using exim -Mvh <mailqID> and see which script is firing mail.

also
>. Make sure all domains are hosted under separate individual VestaCP users
>. Use eximstats -nr -html -byemaildomain -bydomain /var/log/exim4/mainlog | less > report.html
and read which domain is sending domains.

>. maldet your server to know which script files are not good

Re: Locating Spam Sending Scripts

Posted: Sun Jan 15, 2017 1:58 pm
by misterpat
I'm sure you have it fixed by now, but for anyone that finds this thread, this is a great tool.

In your php.ini file add this code. Modify the log path to your liking.

mail.add_x_header = On
mail.log = /var/log/phpmail.log

Keep an eye on your log file for the spam scripts.

More information here:

https://blog.rimuhosting.com/2012/09/20 ... ur-server/
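
An added example (not part of the posts above) for reading the file that the mail.log setting produces: it ranks scripts by the number of mail() calls and by distinct recipients. It assumes PHP's one-line-per-call format shown in the comment; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the file written by PHP's mail.log directive.
# Assumed line format (one line per mail() call):
#   [timestamp] mail() on [/path/script.php:LINE]: To: rcpt -- Headers: ...

# Reads the log on stdin; prints "calls<TAB>distinct recipients<TAB>script",
# busiest script first.
mail_log_summary() {
    awk '
    {
        # The script path is written before any sender-supplied field,
        # so the first occurrence of each marker is the genuine one.
        p = index($0, "] mail() on [")
        if (p == 0) next
        line = substr($0, p + 13)
        e = index(line, "]: To: ")
        if (e == 0) next
        src = substr(line, 1, e - 1)
        sub(/:[0-9]+$/, "", src)            # drop the line number
        rest = substr(line, e + 7)
        h = index(rest, " -- Headers: ")
        rcpt = (h > 0) ? substr(rest, 1, h - 1) : rest
        calls[src]++
        if (!((src, rcpt) in seen)) { seen[src, rcpt] = 1; distinct[src]++ }
    }
    END {
        for (s in calls) printf "%d\t%d\t%s\n", calls[s], distinct[s], s
    }' | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Constructed sample log lines (paths and addresses are made up).
sample_mail_log() {
    cat <<'EOF'
[15-Jan-2017 13:58:01 UTC] mail() on [/home/user1/web/example.com/public_html/wp-content/uploads/x.php:7]: To: a@example.net -- Headers: From: promo@example.com
[15-Jan-2017 13:58:02 UTC] mail() on [/home/user1/web/example.com/public_html/wp-content/uploads/x.php:7]: To: b@example.net -- Headers: From: promo@example.com
[15-Jan-2017 13:58:03 UTC] mail() on [/home/user1/web/example.com/public_html/wp-content/uploads/x.php:9]: To: c@example.net -- Headers: From: promo@example.com
[15-Jan-2017 14:10:10 UTC] mail() on [/home/user2/web/example.org/public_html/contact.php:42]: To: owner@example.org -- Headers: From: form@example.org
[15-Jan-2017 14:12:11 UTC] mail() on [/home/user2/web/example.org/public_html/contact.php:42]: To: owner@example.org -- Headers: From: form@example.org
EOF
}

sample_mail_log | mail_log_summary
```

On a live server, feed it the real file with `mail_log_summary < /var/log/phpmail.log`. A script with many calls to many distinct recipients is the first one to inspect.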