The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP sent mail

Discussion in 'E-mail Discussions' started by Slaine, Jan 9, 2006.

  1. Slaine

    Slaine Member

    Joined:
    Feb 9, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    PHP sent mail [SECURITY : URGENT ADVICE]

    A phishing site was installed through an exploit on one of my customers sites. The script behind it emailed gmail accounts.

    I have been asked by the security/fraud company to supply as much details as i can about who may have entered information on the site to protect their credit. The script used the php mail command, is there any way to see what emailed were sent over a couple of day period? the content would be good so i can pass it on to the company but alternatively when they were sent so i can get the victims IP address to pass on.
     
    #1 Slaine, Jan 9, 2006
    Last edited: Jan 9, 2006
  2. Slaine

    Slaine Member

    Joined:
    Feb 9, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    can no one help with this? i know emails were sent, i really want to try to protect the victims here :(
     
  3. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    Look in /var/log/exim_mainlog

    To watch the log in real time:
    tail -f /var/log/exim_mainlog

    If the script uses the server UID/GUI of nobody then you are in for some major detective work on your server. There is a workaround for this nobody issue in phpSuExec being compiled in Apache and or there is a code snippet if you don't have phpSuExec compiled. Do a forum search them.

    :)
     
    #3 Izzee, Jan 11, 2006
    Last edited: Jan 11, 2006
Loading...

Share This Page