| Author |
Message |
webconcepts
Joined: 17 Sep 2008
Posts: 5
|
| Posted: Fri Dec 02, 2011 4:59 am Post subject: find what php script is spamming |
|
|
| Hi I had a bit of a look on the web but can not find anything simple, how could I trace what scripts are using phpmail to send spam? |
|
| Back to top |
|
Azathoth
Joined: 07 Dec 2009
Posts: 263
|
| Posted: Fri Dec 02, 2011 5:35 am Post subject: |
|
|
Code:
find /path/to/scripts -type f | xargs file | grep -i "PHP script" | cut -d':' -f 1 | xargs grep -ni "mail"
Unless the code to send mail uses sockets directly (in which case grep for "socket" instead of "mail"), or is stored as encoded string and eval()'d, meaning you could look for eval()s that should not be there. |
|
| Back to top |
|
Guspaz
Joined: 26 May 2009
Posts: 1150
Location: Montreal, QC
|
| Posted: Fri Dec 02, 2011 12:59 pm Post subject: |
|
|
| If you've got PHP scripts on your system sending spam, there's a good chance your box has been compromised and should be wiped clean. |
|
| Back to top |
|
| |
