
Resolved Checking which site is sending spam

Erick Nunes

Basic Pleskian
Hello, I would like to know how to find out which site on my Plesk server is firing a lot of spam.

With what commands or log files do I see this?

Thank you.
 
First thing I'd check is the number of SMTP connections per email account:

# zgrep 'sasl_method=LOGIN' /usr/local/psa/var/log/maillog* | awk '{print $9}' | sort | uniq -c | sort -nr | head

If nothing looks out of the norm there, it's likely something exploiting the PHP mail function. You can create a wrapper script which will basically add additional header information to the messages so that you can identify the source:

Many email messages are sent from PHP scripts on a server. How to find domains on which these scripts are running if Postfix is used?

You can also run the following, which will show you in real time what PHP scripts are being hit:

# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` | grep vhosts | grep php
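
An added example, not part of the original reply: a variant of the maillog check above that reports, for each authenticated account, how many distinct client IPs it logged in from as well as the login count, since one mailbox authenticating from many addresses usually points to stolen credentials rather than a PHP script. It goes beyond the reply's command by counting every `sasl_username=` line, not only `sasl_method=LOGIN`; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a server, feed it the real logs:
#   zcat -f /usr/local/psa/var/log/maillog* | sasl_summary
# Output columns: <logins> <distinct client IPs> <account>

sasl_summary() {
    awk '
    /sasl_username=/ {
        user = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/,$/, "", f)                      # drop the trailing comma
            if (f ~ /^sasl_username=/)
                user = substr(f, 15)              # text after "sasl_username="
            else if (f ~ /^client=/ && match(f, /\[[^]]*\]/))
                ip = substr(f, RSTART + 1, RLENGTH - 2)   # address inside [...]
        }
        if (user == "") next
        logins[user]++
        if (ip != "" && !((user, ip) in seen)) {  # count each IP once per account
            seen[user, ip] = 1
            ips[user]++
        }
    }
    END { for (u in logins) printf "%d %d %s\n", logins[u], ips[u], u }
    ' | sort -k1,1nr -k3,3
}

# Constructed Postfix log lines (documentation IP ranges, example domains).
sample_log() {
cat <<'EOF'
Feb 16 00:10:01 host postfix/smtpd[1201]: 4A1B2C3D: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info@example.com
Feb 16 00:10:02 host postfix/smtpd[1202]: 4A1B2C3E: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=info@example.com
Feb 16 00:10:03 host postfix/smtpd[1203]: 4A1B2C3F: client=unknown[192.0.2.9], sasl_method=LOGIN, sasl_username=info@example.com
Feb 16 00:11:00 host postfix/smtpd[1204]: 4A1B2C40: client=mail.example.org[192.0.2.20], sasl_method=PLAIN, sasl_username=bob@example.org
Feb 16 00:12:00 host postfix/smtpd[1205]: 4A1B2C41: client=mail.example.org[192.0.2.20], sasl_method=PLAIN, sasl_username=bob@example.org
Feb 16 00:12:30 host postfix/smtpd[1206]: connect from unknown[203.0.113.5]
EOF
}

sample_log | sasl_summary
```

An account at the top of the list with a high IP count is the first one to have its password reset.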
 
Thank you!

Just a question: is the last command returning the correct output? A screenshot of the output follows.
 

Attachments

  • Screenshot at Feb 16 00-11-40.png
Negative, the last time I used that was on a Plesk 10 box so it may not be accurate anymore. Sorry about that.
 