| spammer on server, can't find the script
|
Hammer65
msg:3971534 | 9:48 pm on Aug 13, 2009 (gmt 0) |
I have a cpanel server that apparently has a PHP script sending spam. There are quite a few accounts on the machine and I can't seem to find the script that is doing it. Any suggestions on how to track it down?
|
yz0rx
msg:3971682 | 6:32 am on Aug 14, 2009 (gmt 0) |
You can try this in the directory:
find ./ -name *.php ¦ xargs grep -w "mail(" This will search for any PHP files containing the mail() function. From there, you can get an idea of which scripts are sending emails out. If it's a script that allows visitors to send emails out (such as a 'email this' or 'share this'), a captcha may be needed so bots can't abuse it.
|
yz0rx
msg:3971683 | 6:39 am on Aug 14, 2009 (gmt 0) |
Also found "How To Log Emails Sent With PHP's mail() Function To Detect Form Spam". Then you can read the logs. I have not tried this, but looks like a good idea. [howtoforge.com...]
|
|
|
