The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spammer using PHP...

Discussion in 'General Discussion' started by cyberwisdom, Feb 4, 2004.

  1. cyberwisdom

    cyberwisdom Well-Known Member

    Joined:
    Jun 2, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    I found this entry several times in my apache status window in WHM:
    132-260 - 0/0/2 . 0.12 315942 687 0.0 0.00 0.000 xxx.xxx.195.20 (unavailable) GET /index.php?to=bigtroy1970@yahoo.com&adj=fortified&adv=intel

    Each time with a different email address.

    How do I find out which user is using that index.php file. There are literally hundreds of users there that have an index.php file.

    I don't want to block his IP yet so I can find out which file he is using.

    Thanx!
     
  2. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    grep the users apache domlogs until you find that ip address and look at the access log entry and see if it will identify the correct script. My guess is that you will find that this is not someone exploiting one of your clients scripts, but that the client is the spammer. I had something very similar happen on one of my servers and I tracked down the index.php file and found some code that was crudely hidden by tabbing it out to column 400 or so in the text file. You couldn't see it when you pico'd or vi'd it, but when I downloaded and opened it in EditPlus, I could see the scroll bar at the bottom showing me there was text way out to the right.
     
Loading...

Share This Page