When we receive the server logs (logwatch, backups, upcp, etc) sometimes we receive a mail telling about a possible uploaded file that can be use for send out spam and a description of where is the file located.
Seems that there is a process somewhere monitoring ftp activity on cpanel servers, and would be nice to apply this to scan files that contains phpshell, shell_exec or other list of words that could be a kiddie script.
You know what I mean? If it works scanning files that contains mail(), sendmail, formmail words could work for the others I mentioned above. Nice to take a look at those scripts and get rid of them and apply a fix if its needed
Bye!
Seems that there is a process somewhere monitoring ftp activity on cpanel servers, and would be nice to apply this to scan files that contains phpshell, shell_exec or other list of words that could be a kiddie script.
You know what I mean? If it works scanning files that contains mail(), sendmail, formmail words could work for the others I mentioned above. Nice to take a look at those scripts and get rid of them and apply a fix if its needed
Bye!
Last edited: