My server got hacked and a php files keep trying to send spam.
How can i find which files are running now?
How can i find which files are running now?
Hi @elisom
The best thing to do is find the PHP file sending the spam. We have a script we run internally that might be helpful for you:
The portion "Directories mail is originating from:"specifically.
There are of course other methods that can be used such as those noted in the threads as follows:
Cant find script sending spam
Check which script or file sending spam mail
Identify account sending spam?
The best thing to do is find the PHP file sending the spam. We have a script we run internally that might be helpful for you:
Code:
perl <(curl -s https://raw.githubusercontent.com/cPanelTechs/SSE/master/sse.pl) -sThere are of course other methods that can be used such as those noted in the threads as follows:
Cant find script sending spam
Check which script or file sending spam mail
Identify account sending spam?
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
|
Accidentally ran find / -type f -print0 | xargs -0 chmod 0644 | Security | 1 | |
| C | How to Find the IP Blocked by the Firewall in WHM? | Security | 5 | |
| W | Trying to find the cause of a php script exe:/usr/bin/php cmd:/usr/bin/php | Security | 3 | |
| M | Cant find script sending spam | Security | 2 | |
| M | suspicious process: find history | Security | 7 |