The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail Logs

Discussion in 'E-mail Discussions' started by cragdo, Apr 25, 2005.

  1. cragdo

    cragdo Member

    Joined:
    Jun 29, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    I had not previously added phpsuexec to apache when we had a spammer sign up and spammed. I now have it installed and now am working on trying to narrow down which of the two accounts I know it had to have been.

    Is there any error logs or anything i can view in ssh or whatever to see who sent the mail.

    They sent it via a php script so im assuming it was sent as nobody and basically I wont be able to find out that way. Both users have nothing in their public_html but I had seen one (i forget which) upload some files and then they're not there anymore.

    Better yet, Is there a list of all the logs that I can view on some web page?

    Thanks!
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The email logs won't be of much help to you in retrospect. You're usually much better off looking through the apache error logs:

    /etc/httpd/logs/error_log
    /etc/httpd/logs/suexec_log

    and the users domain logs (if they haven't been rotated) in:

    /etc/httpd/domlogs/domain.com

    Have you checked for things like phpBB forums that have not been updated to at leaset 2.0.13 or phpNuke installations and any other such application installations that are running vulnerable versions?
     
  3. cragdo

    cragdo Member

    Joined:
    Jun 29, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Sweet! Thank you very much.

    When i type cat /etc/httpd/logs/error_log It's very long. Is there a way to check it for a specific date or like the end of it? Thank you
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You can use tail to look at the end of it and can specify the number of lines to show, e.g.:

    tail -30 /etc/httpd/logs/error_log

    You can search for a particular date using grep:

    grep "Apr 21" /etc/httpd/logs/error_log
     
  5. bking

    bking Well-Known Member

    Joined:
    Mar 1, 2004
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney
    cat /etc/httpd/logs/error_log | grep blah
    or
    grep blah /etc/httpd/logs/error_log
    or
    less /etc/httpd/logs/error_log - then use vi type syntax for searching.
     
Loading...

Share This Page