My server got hacked and a php files keep trying to send spam.
How can i find which files are running now?
How can i find which files are running now?
Hi @elisom
The best thing to do is find the PHP file sending the spam. We have a script we run internally that might be helpful for you:
The portion "Directories mail is originating from:"specifically.
There are of course other methods that can be used such as those noted in the threads as follows:
Cant find script sending spam
Check which script or file sending spam mail
Identify account sending spam?
The best thing to do is find the PHP file sending the spam. We have a script we run internally that might be helpful for you:
Code:
perl <(curl -s https://raw.githubusercontent.com/cPanelTechs/SSE/master/sse.pl) -sThere are of course other methods that can be used such as those noted in the threads as follows:
Cant find script sending spam
Check which script or file sending spam mail
Identify account sending spam?
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| J | Official Red Hat log4j checker finds positive | Security | 4 | |
| P | How to find hackers access point | Security | 8 | |
| F | How we can find who is add forwarder email in cPanel | Security | 3 | |
| W | Trying to find the cause of a php script exe:/usr/bin/php cmd:/usr/bin/php | Security | 3 | |
| J | Using clamAV to find phpshell and other ...cool! | Security | 3 |