How to find which script on my server is sending spam emails

Discussions related with hosting control panels used, which include cPanel, Plesk, Directadmin etc..
Post Reply
stark
Posts: 0
Joined: Fri Sep 16, 2016 10:00 am

How to find which script on my server is sending spam emails

Post by stark »

My server is sending the spam email and I am not able to find out which script is sending them.

The emails were all from nobody@myhost so disabled from the cpanel that nobody should not be allowed to send emails

Now at least they are not going out, I keep receiving them. This is mail I get:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed



Martin
Posts: 36
Joined: Fri Sep 16, 2016 10:34 am

Re: How to find which script on my server is sending spam emails

Post by Martin »

Log into your server via root. Type the below command if exim is installed on your server

grep "cwd" /var/log/exim_mainlog

OR

tail -n 2000 "cwd" /var/log/exim_mainlog

cwd = current working directory. This is the directory from which the email is sent so you can easily find out the infected script in that directory.

If spamming occurred sometime in the past you can try the below command.

zgrep "cwd" /var/log/exim_mainlog-*.gz

>> A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed

There will be an error code/error message below this line. Check the exact error in the bounce back mail and troubleshoot accordingly.
If there was spamming then your IP might be blacklisted in spam databases and that might be the reason why the email bounced back.


Martin
Support Staff
Nixtree Solutions
Managed Backups || Server Management
https://www.nixtree.com



Post Reply