Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spammer using PHP...

Discussion in 'General Discussion' started by cyberwisdom, Feb 4, 2004.

  1. cyberwisdom

    cyberwisdom Well-Known Member

    Jun 2, 2003
    Likes Received:
    Trophy Points:
    I found this entry several times in my apache status window in WHM:
    132-260 - 0/0/2 . 0.12 315942 687 0.0 0.00 0.000 (unavailable) GET /index.php?

    Each time with a different email address.

    How do I find out which user is using that index.php file. There are literally hundreds of users there that have an index.php file.

    I don't want to block his IP yet so I can find out which file he is using.

  2. Marty

    Marty Well-Known Member

    Oct 10, 2001
    Likes Received:
    Trophy Points:
    grep the users apache domlogs until you find that ip address and look at the access log entry and see if it will identify the correct script. My guess is that you will find that this is not someone exploiting one of your clients scripts, but that the client is the spammer. I had something very similar happen on one of my servers and I tracked down the index.php file and found some code that was crudely hidden by tabbing it out to column 400 or so in the text file. You couldn't see it when you pico'd or vi'd it, but when I downloaded and opened it in EditPlus, I could see the scroll bar at the bottom showing me there was text way out to the right.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice