The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How can i tell which scirpt is broadcasting spam?

Discussion in 'General Discussion' started by jols, Dec 5, 2005.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Some idiot is broadcasting a phishing spam from a script in their account, or something like that. The sender reference is "nobody" so I am assuming this is the case.

    Headers all look like this:

    1EjKpC-0002Ng-GJ-H
    nobody 99 99
    <nobody@#####.#####.com>
    1133806350 0
    -ident nobody
    -received_protocol local
    -body_linecount 42
    -auth_id nobody
    -auth_sender nobody@breeze.linksky48.com
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    XX


    I have hashed out my server name and domain in the above.

    I know you can recompile Apache with PHP suEXEC Support for a more explicit header if a php script is doing this, but for reasons various we would prefer not to do this.

    I have been searching for a resolution in this regard for years at this point, and I am agast that it is sooooo friggen hard to do what should be much more simple IMHO.

    Thanks very much in advance for any help here.
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    you can put

    log_selector = +all

    in the top box of Exim Configuration Editor advance mode

    and watch your exim log to find out what script is sending the spam
     
  3. beebware

    beebware Active Member

    Joined:
    Aug 2, 2003
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Excellent! Thanks for these posts.
     
  5. makan

    makan Active Member

    Joined:
    Nov 4, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    jakarta
    these post also solve my problem

    Thank you....

    :D
     
  6. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Running PHPSUEXEC prevents this sort of problem as you can always see which script sent the email. There's also some CPanel tweaks you can use to restrict outgoing email.
     

Share This Page