Facebook
Twitter
Erick Nunes
Basic Pleskian
Hello, I would like to know how to find out which site from my plesk server is firing a lot of spam.
With what commands or log files do I see this?
Thank you.
With what commands or log files do I see this?
Thank you.
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion -
Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here
Resolved Checking which site is sending spam
- Thread starter Erick Nunes
- Start date
Erick Nunes
Basic Pleskian
POSTFIX
First thing i'd check is the number of SMTP connections per each email account;
# zgrep 'sasl_method=LOGIN' /usr/local/psa/var/log/maillog* | awk '{print $9}' | sort | uniq -c | sort -nr | head
If nothing looks out of the norm there, it's like something exploiting the PHP mail function. You can create a wrapper script which will basically add additional header information to the messages so that you can identify the source;
Many email messages are sent from PHP scripts on a server. How to find domains on which these scripts are running if Postfix is used?
You can also run the following which will show you in real time what PHP scripts are being hit;
# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` | grep vhosts | grep php
# zgrep 'sasl_method=LOGIN' /usr/local/psa/var/log/maillog* | awk '{print $9}' | sort | uniq -c | sort -nr | head
If nothing looks out of the norm there, it's like something exploiting the PHP mail function. You can create a wrapper script which will basically add additional header information to the messages so that you can identify the source;
Many email messages are sent from PHP scripts on a server. How to find domains on which these scripts are running if Postfix is used?
You can also run the following which will show you in real time what PHP scripts are being hit;
# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` | grep vhosts | grep php
Erick Nunes
Basic Pleskian
Erick Nunes
Basic Pleskian
Thank you ! You have already helped me a lot!
Similar threads
