Mysterious script running and sending mails

Discussion in 'E-mail Discussions' started by gersonfs, Feb 16, 2012.

  1. gersonfs

    Hello!!

    One user on my server is running a Perl script called "agitation.pl"; I see it in ps auxf. It is sending a lot of emails.

    But a search with find / -name agitation.pl returns 0 results.

    Suspending the account solves the problem, but I think the ideal is to find the source of the problem.


    Thanks!
     
  2. ruzbehraja

    Do you see any mails in the mail queue?

    You can see which username they are using to send out the mail.

    Open the mail and search for a line that says:
    auth-

    Your find command should be:
     
  3. gersonfs

    Hello ruzbehraja,

    I found the problem.
    A customer had a weak password for FTP. Then someone found it out, uploaded a Perl script and ran it as cgi-bin. After running, the file was deleted via FTP, but it kept running. So the "find" command did not find the file. I changed the password and now everything is OK.

    Thanks!
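
The case described in the last post (a script deleted after launch keeps running, so find cannot locate it) can be spotted from /proc. The following is an added example, not part of the original thread; the function name find_orphaned_scripts, the interpreter list and the first-argument heuristic are assumptions.

```shell
# Added example: report interpreter processes whose script file is gone from disk.
# Heuristic (assumption): the first non-option argument of a perl/python/php/
# ruby/sh/bash process is the script path. Run as root to see every user's processes.
find_orphaned_scripts() {
    proc_root="${1:-/proc}"            # an alternate root allows offline testing
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        pid="${dir##*/}"
        # cwd is a symlink to the process's current working directory
        cwd=$(readlink "$dir/cwd" 2>/dev/null) || continue
        # cmdline is NUL-separated; argv[0] is the interpreter
        interp=$(tr '\0' '\n' 2>/dev/null < "$dir/cmdline" | sed -n 1p)
        case "${interp##*/}" in
            perl*|python*|php*|ruby*|sh|bash) ;;
            *) continue ;;
        esac
        tr '\0' '\n' 2>/dev/null < "$dir/cmdline" | sed 1d |
        while IFS= read -r arg; do
            case "$arg" in
                -*|'') continue ;;      # skip interpreter options
            esac
            case "$arg" in
                /*) path="$arg" ;;
                *)  path="${cwd% (deleted)}/$arg" ;;   # resolve against cwd
            esac
            # Missing file + live process = script removed after launch
            [ -e "$path" ] || printf '%s %s\n' "$pid" "$path"
            break                       # only the first candidate is the script
        done
    done
}
```

Each output line is a PID followed by the script path that no longer exists on disk.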
     