From Psygen Wiki

How to find and stop spam.

Find Scripts that are spamming

Find files whose first or last line is extremely long (probably a hacked page). The largest byte counts sort to the bottom of the output:

find "$PWD" -type f -name '*.php' ! -perm 000 | while IFS= read -r FILE; do FIRST_LINE_BYTES=$(head -n1 "$FILE" | wc -c); LAST_LINE_BYTES=$(tail -n1 "$FILE" | wc -c); printf '%s %s\n' "$FIRST_LINE_BYTES" "$FILE" "$LAST_LINE_BYTES" "$FILE"; done | sort -n | uniq

Find mail in the mail queue that's sent from a php script:
find /var/spool/exim/input/0/ -name '*-H' | xargs grep -i 'X-PHP-Originating-Script' | awk '{print $2,$3}' | cut -d\( -f1 | sort -u
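
To see which script accounts for the most queued mail, the same header can be counted per script across every spool subdirectory. This is an added example, not from the original page; the default spool path, the function names and the sample header files are constructed assumptions.

```sh
#!/bin/sh
# Added example: rank PHP scripts by the number of queued messages naming them.

rank_php_senders() {
    spool="${1:-/var/spool/exim/input}"   # default location is an assumption
    # Read only header (-H) files, in every split-spool subdirectory.
    find "$spool" -type f -name '*-H' -exec grep -hi 'X-PHP-Originating-Script:' {} + |
        awk '{
            for (i = 1; i < NF; i++)
                if (tolower($i) == "x-php-originating-script:") {
                    v = $(i + 1)         # value has the form uid:script.php
                    sub(/\(.*/, "", v)   # drop a "(3) : eval()..." suffix
                    print v
                    break
                }
        }' | sort | uniq -c | sort -rn
}

# Build a constructed sample spool (message IDs and header lines are made up).
make_sample_spool() {
    d=$(mktemp -d) && mkdir -p "$d/0" "$d/a" || return 1
    printf '%s\n' '037  X-PHP-Originating-Script: 1001:mailer.php' > "$d/0/msg0001-H"
    cat > "$d/a/msg0002-H" <<'EOF'
058  X-PHP-Originating-Script: 1001:mailer.php(3) : eval()'d code
EOF
    printf '%s\n' '038  X-PHP-Originating-Script: 1002:contact.php' > "$d/a/msg0003-H"
    printf '%s\n' '024  Subject: no PHP header' > "$d/0/msg0004-H"
    # A body (-D) file quoting the header must not be counted.
    printf '%s\n' 'X-PHP-Originating-Script: 9999:quoted.php' > "$d/0/msg0004-D"
    echo "$d"
}

sample=$(make_sample_spool)
rank_php_senders "$sample"
rm -rf "$sample"
```

The first column is the number of queued messages, the second is the uid and script name from the header, so the busiest script is on the first line.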

Find where the spamming script came from

Use Filescout to find where the bad file came from:

Clean up

Remove bouncebacks from the queue:
exiqgrep -i -f '<>' | xargs exim -Mrm