Spam: Difference between revisions

From Psygen Wiki
No edit summary
 
Line 1: Line 1:
How to find and stop spam.
How to find and stop spam.


== Spam from Scripts ==
== Find Scripts that are spamming ==


Find files that have a starting or ending line with a rediculous amount of characters: (probably a hacked page)<br />
Find files that have a starting or ending line with a ridiculous amount of characters: (probably a hacked page)<br />
<pre>
<pre>
find `pwd` -type f -name '*.php'  ! -perm 000 | while read FILE; do FIRST_LINE_BYTES=$(head -n1 $FILE | wc -c); LAST_LINE_BYTES=$(tail -n1 $FILE | wc -c); echo -e "$FIRST_LINE_BYTES $FILE\n$LAST_LINE_BYTES $FILE" ;done | sort -n | uniq
find `pwd` -type f -name '*.php'  ! -perm 000 | while read FILE; do FIRST_LINE_BYTES=$(head -n1 $FILE | wc -c); LAST_LINE_BYTES=$(tail -n1 $FILE | wc -c); echo -e "$FIRST_LINE_BYTES $FILE\n$LAST_LINE_BYTES $FILE" ;done | sort -n | uniq
</pre>
</pre>


Find mail in the mail queue that's sent from a php script:<br />
<code>find /var/spool/exim/input/0/ -name '*-H' | xargs grep -i 'X-PHP-Originating-Script' | awk '{print $2,$3}' | cut -d\( -f1| sort -u </code>
== Find where the spamming script came from ==


Use Filescout to find where the bad file came from:<br />
Use Filescout to find where the bad file came from:<br />
https://mattjung.net/wiki/filescout/
https://mattjung.net/wiki/filescout/


== Clean up ==
== Clean up ==
Remove bouncebacks from the queue:<br />
Remove bouncebacks from the queue:<br />
<code>exiqgrep -i -f '<>' | xargs exim -Mrm</code>
<code>exiqgrep -i -f '<>' | xargs exim -Mrm</code>
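Review bot: the queue search added under "Find Scripts that are spamming" only looks in `/var/spool/exim/input/0/`. When Exim runs with `split_spool_directory`, messages are spread over single-character subdirectories of `input/`, so this inspects only a fraction of the queue. Pointing `find` at `/var/spool/exim/input/` would cover every subdirectory. In the unchanged `find ... | while read FILE` line, `$FILE` is unquoted and `read` has no `-r`, so paths containing spaces or backslashes are measured wrongly or skipped. `IFS= read -r FILE` with `"$FILE"` quoted in the `head` and `tail` calls would fix that.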

Latest revision as of 03:35, 25 October 2017

How to find and stop spam.

Find Scripts that are spamming

Find files whose first or last line has a ridiculous number of characters (probably a hacked page):

find "$(pwd)" -type f -name '*.php' ! -perm 000 | while IFS= read -r FILE; do FIRST_LINE_BYTES=$(head -n1 "$FILE" | wc -c); LAST_LINE_BYTES=$(tail -n1 "$FILE" | wc -c); printf '%s %s\n' "$FIRST_LINE_BYTES" "$FILE" "$LAST_LINE_BYTES" "$FILE"; done | sort -n | uniq
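A variant of the scan above that reports only lines over a byte threshold and hands paths to an inner shell through `find -exec`, so names with spaces survive. This is an added example, not part of the wiki page; `long_edge_lines`, `make_sample_tree`, the 1000-byte default and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): flag PHP files whose first or last line
# is longer than a byte threshold. Function names and the 1000-byte default
# are assumptions made for this sketch.

long_edge_lines() (
    dir=${1:-.}
    threshold=${2:-1000}
    # -exec ... {} + hands paths to the inner shell as arguments, so names
    # containing spaces or backslashes are never word-split or mangled.
    find "$dir" -type f -name '*.php' ! -perm 000 -exec sh -c '
        threshold=$1; shift
        for file in "$@"; do
            [ -r "$file" ] || continue
            first=$(head -n 1 < "$file" | wc -c)
            last=$(tail -n 1 < "$file" | wc -c)
            if [ "$first" -gt "$threshold" ]; then
                printf "%s\tfirst\t%s\n" "$first" "$file"
            fi
            if [ "$last" -gt "$threshold" ]; then
                printf "%s\tlast\t%s\n" "$last" "$file"
            fi
        done
    ' sh "$threshold" {} + | sort -rn
)

# Constructed sample tree: one clean file, one file with a padded first line
# in a directory whose name contains a space, and one non-PHP file.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/my theme"
    pad=$(awk 'BEGIN { for (i = 0; i < 3000; i++) printf "A" }')
    printf '<?php echo "ok";\n' > "$tree/clean.php"
    printf '<?php /* %s */\necho "footer";\n' "$pad" > "$tree/my theme/footer.php"
    printf '%s\n' "$pad" > "$tree/notes.txt"
    printf '%s\n' "$tree"
}

sample=$(make_sample_tree)
long_edge_lines "$sample" 1000
rm -rf "$sample"
```

Output is tab-separated: byte count, which edge of the file tripped the threshold, and the path, largest first.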


Find mail in the mail queue that was sent from a PHP script:
find /var/spool/exim/input/0/ -name '*-H' | xargs grep -i 'X-PHP-Originating-Script' | awk '{print $2,$3}' | cut -d\( -f1| sort -u

Find where the spamming script came from

Use Filescout to find where the bad file came from:
https://mattjung.net/wiki/filescout/

Clean up

Remove bouncebacks from the queue:
exiqgrep -i -f '<>' | xargs exim -Mrm