How to find which script on my server is sending spam emails

Posted: Mon Oct 03, 2016 9:04 am
by stark
My server is sending spam email and I am not able to find out which script is sending it.

The emails were all from nobody@myhost, so I set in cPanel that nobody should not be allowed to send emails.

Now at least they are not going out, but I keep receiving them. This is the mail I get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed

Re: How to find which script on my server is sending spam emails

Posted: Tue Oct 04, 2016 1:38 pm
by Martin
Log into your server as root. Type the command below if exim is installed on your server:

grep "cwd" /var/log/exim_mainlog

OR

tail -n 2000 /var/log/exim_mainlog | grep "cwd"

cwd = current working directory. This is the directory from which the email was sent, so you can easily find the infected script in that directory.

If the spamming occurred some time in the past, you can try the command below:

zgrep "cwd" /var/log/exim_mainlog-*.gz

> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed

There will be an error code/error message below this line. Check the exact error in the bounce-back mail and troubleshoot accordingly.
If there was spamming, then your IP might be blacklisted in spam databases, and that might be the reason why the email bounced back.


Martin
Support Staff
Nixtree Solutions
Managed Backups || Server Management
https://www.nixtree.com
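The grep above prints every cwd= line, which on a busy server is thousands of lines. The script below (an added example, not part of the original thread or Nixtree's own tooling) does the same lookup on a constructed sample of exim_mainlog lines and aggregates by directory, so the directory that submitted the most mail comes out on top. It also drops cwd=/var/spool/exim, which is Exim's own queue runner delivering already-queued messages rather than a script submitting new ones. The sample log, its paths and the message ID are all made up for the example; point the function at the real /var/log/exim_mainlog to use it.

```shell
#!/bin/sh
# Constructed sample of /var/log/exim_mainlog lines (not real server data).
# Lines with "cwd=" are local submissions via /usr/sbin/sendmail; the cwd
# is the directory the submitting process (usually a PHP script) ran from.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2016-10-03 09:01:12 cwd=/home/example/public_html/wp-content/uploads/tmp 3 args: /usr/sbin/sendmail -t -i
2016-10-03 09:01:13 1bqXyZ-0001AB-CD <= nobody@myhost U=nobody P=local S=1234
2016-10-03 09:01:40 cwd=/home/example/public_html/wp-content/uploads/tmp 3 args: /usr/sbin/sendmail -t -i
2016-10-03 09:02:05 cwd=/home/example/public_html 3 args: /usr/sbin/sendmail -t -i
2016-10-03 09:02:50 cwd=/home/example/public_html/wp-content/uploads/tmp 3 args: /usr/sbin/sendmail -t -i
2016-10-03 09:03:11 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bqXyZ-0001AB-CD
EOF

# Print "count directory" for every submitting directory, busiest first.
# /var/spool/exim is Exim itself re-delivering queued mail, so it is excluded.
top_sender_dirs() {
    grep -o 'cwd=[^ ]*' "$1" \
        | cut -d= -f2- \
        | grep -v '^/var/spool/exim' \
        | sort \
        | uniq -c \
        | sort -rn \
        | awk '{print $1, $2}'
}

# The single most suspicious directory (highest submission count).
top_sender_dir() {
    top_sender_dirs "$1" | head -n 1 | awk '{print $2}'
}

# Usage: run against the sample, or replace $SAMPLE_LOG with /var/log/exim_mainlog.
top_sender_dirs "$SAMPLE_LOG"
```

A directory under wp-content/uploads topping the list is a strong hint, since a legitimate site rarely sends mail from an upload folder; the next step on the real server is to list recently modified .php files in that directory.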