Facebook
Twitterdragnovich
Basic Pleskian
Hello I had a server which was sending "suspiciusly" many emails "spam", and I was wondering how to detect WHAT scripts (PHP) are sending the emails using sendmail.
So googling, I found -
http://kb.parallels.com/en/1711
and I implemented it and, It really help me to detectet practically all scripts (PHP, PERL & CGI) that where involved in the SPAM attack, how ever this wrapper only LOGS from WHICH directory is been run the script not ACTUALLY which script does the mail sending. So If I get 4 or more (as an example) scripts that actually can send mail in a directory I cant know wich of those sent the email.
Is any way I can modify the wrapper to actually LOG the sender script?
For example right now, Im getting this in the mail log:
X-Additional-Header: /
The spam email in here .....
It appears to be sended from the root, and listing the root / directory there's no scripts or programs, links etc..
So how can I get the running path $PWD and the Caller script ?
Any help will be welcome
Regards
So googling, I found -
http://kb.parallels.com/en/1711
and I implemented it and, It really help me to detectet practically all scripts (PHP, PERL & CGI) that where involved in the SPAM attack, how ever this wrapper only LOGS from WHICH directory is been run the script not ACTUALLY which script does the mail sending. So If I get 4 or more (as an example) scripts that actually can send mail in a directory I cant know wich of those sent the email.
Is any way I can modify the wrapper to actually LOG the sender script?
For example right now, Im getting this in the mail log:
X-Additional-Header: /
The spam email in here .....
It appears to be sended from the root, and listing the root / directory there's no scripts or programs, links etc..
So how can I get the running path $PWD and the Caller script ?
Any help will be welcome
Regards
Last edited:
