Check which script or file sending spam mail

sahil3x1

Registered
Oct 23, 2012
1
0
1
cPanel Access Level
Root Administrator
how i can check which script or file sending spam mail

i made ticket 2-3 times that one of my account sending spam mails n they told that php
file sending that remove that file can you tell me that command so i can check myself every time and how i can stop them
 

Eminds

Well-Known Member
Nov 10, 2016
319
32
28
India
cPanel Access Level
Root Administrator
It needs a course of commands to find the script that is spamming , the logs and the outputs needs to be monitored.

still.... use the below command to see from where the spams are initiating.

head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'
 
  • Like
Reactions: ebuka

SysSachin

Well-Known Member
Aug 23, 2015
604
48
28
India
cPanel Access Level
Root Administrator
Twitter
Hi,
You have to find out spamming php script using below command also.
Code:
tail -n 1000 /var/log/exim_mainlog | grep /home
The above command will display the spam script path.
 
  • Like
Reactions: ebuka