Hi everyone, i´m kind of desesperate, my server sends spam from email acounts very similar to the real one.
Real Mail Account: [email protected]
Spammers:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
....
After of write this: grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
I get this details:
So it seems its root user witch sends spam, but i can not find a way to get the spammer script
Thanks very much
Real Mail Account: [email protected]
Spammers:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
....
After of write this: grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
I get this details:
Code:
1 /home/biovidrio/public_html
1 /home/meollo/public_html
1 /home/tyd/public_html
1 /home/webes/public_html/base
1 /home/webes/public_html/clinicadental
1 /home/webes/public_html/serviamb
1 /var/log
2 /home/adventurerooms/public_html
2 /home/webes/public_html/tienda
3 /home/enigmabohemia/public_html
3 /home/legionella/public_html
4 /home/ruraly/public_html
4 /home/webes/public_html
4 /home/webtematica/public_html
5 /home/actormania/public_html
5 /home/albertogorgojo/public_html
5 /home/algodonmerlin/public_html
5 /home/antonioaznar/public_html
5 /home/elperiodismo/public_html
5 /home/fisioterapia/public_html
5 /home/fontanerosmadrid/public_html
5 /home/inmobiliaria/public_html
5 /home/kristianboys/public_html
5 /home/serviamb/public_html
6 /home/disenowebmadrid/public_html
7 /home/costurasnontol/public_html
7 /home/cursoderevit/public_html
8 /tmp
14 /home/portalclasico/public_html
78 /
110 /usr/local/apache/domlogs/portalclasico
181 /home
960 /root
6748 /usr/local/cpanel/whostmgr/docroot
Thanks very much
Last edited by a moderator: