Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion
  Previous topic | Next topic 
Author Message
webconcepts
PostPosted: Fri Dec 02, 2011 5:59 am 
Offline
Senior Newbie

Joined: Wed Sep 17, 2008 1:17 pm
Posts: 12
Hi I had a bit of a look on the web but can not find anything simple, how could I trace what scripts are using phpmail to send spam?
Top
   
Reply with quote  
Azathoth
 Post subject:
PostPosted: Fri Dec 02, 2011 6:35 am 
Offline
Senior Member

Joined: Mon Dec 07, 2009 6:46 am
Posts: 331
Code:
find /path/to/scripts -type f | xargs file | grep -i "PHP script" | cut -d':' -f 1 | xargs grep -ni "mail"


Unless the code to send mail uses sockets directly (in which case grep for "socket" instead of "mail"), or is stored as encoded string and eval()'d, meaning you could look for eval()s that should not be there.
Top
   
Reply with quote  
Guspaz
 Post subject:
PostPosted: Fri Dec 02, 2011 1:59 pm 
Offline
Senior Member
User avatar

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
If you've got PHP scripts on your system sending spam, there's a good chance your box has been compromised and should be wiped clean.
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion


Who is online

Users browsing this forum: No registered users and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group