Spam

From Psygen Wiki

How to find and stop spam.

Find Scripts that are spamming

Find PHP files whose first or last line has a ridiculous number of characters (probably a hacked page):

# Prints "<bytes> <file>" for the first and last line of each PHP file; the longest lines sort to the bottom.
find "$PWD" -type f -name '*.php' ! -perm 000 | while IFS= read -r FILE; do FIRST_LINE_BYTES=$(head -n1 "$FILE" | wc -c); LAST_LINE_BYTES=$(tail -n1 "$FILE" | wc -c); printf '%s %s\n' "$FIRST_LINE_BYTES" "$FILE" "$LAST_LINE_BYTES" "$FILE"; done | sort -n | uniq


Find mail in the mail queue that was sent from a PHP script:
find /var/spool/exim/input/0/ -name '*-H' | xargs grep -i 'X-PHP-Originating-Script' | awk '{print $2,$3}' | cut -d\( -f1 | sort -u
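
Added example (not part of the original wiki page): the same header search turned into a per-script tally, so the script with the most queued mail sorts to the top. The function name php_mail_senders and the default spool path are assumptions; pass the spool directory used on your system.

```shell
# Added example: count queued messages per originating PHP script.
# Usage: php_mail_senders [spool_input_dir]
# The default path below is an assumption; adjust it to your Exim spool.
php_mail_senders() {
    spool=${1:-/var/spool/exim/input}

    # Each queued message has a "<id>-H" file holding its headers.
    # Searching recursively covers every split-spool subdirectory,
    # not only input/0/.
    find "$spool" -type f -name '*-H' -exec \
        grep -hi 'X-PHP-Originating-Script:' {} + 2>/dev/null |
    awk '
        {
            # Keep only the header value ("uid:script.php").
            i = index(tolower($0), "x-php-originating-script:")
            v = substr($0, i + 25)
            sub(/^[ \t]+/, "", v)
            # Drop the "(line) : eval()... code" suffix that appears
            # when mail() was called from inside eval().
            sub(/\(.*/, "", v)
            sub(/[ \t\r]+$/, "", v)
            if (v != "") n[v]++
        }
        END { for (v in n) printf "%d %s\n", n[v], v }
    ' |
    # Highest message count first, then by script name.
    sort -k1,1nr -k2
}
```

Each output line is "<message count> <uid>:<script>"; the uid identifies the account whose script called mail().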

Find where the spamming script came from

Use Filescout to find where the bad file came from:
https://mattjung.net/wiki/filescout/

Clean up

Remove bouncebacks from the queue:
exiqgrep -i -f '<>' | xargs exim -Mrm