Find spam script location with Exim - VPS / Dedicated Server

In the steps below I'll show how to locate the top scripts on your server sending mail. If any scripts look suspicious, you can check the Apache access logs to find how a spammer might be using your scripts send spam.

To follow the steps below you'll need root access to your server, so you have access to the Exim mail log.

For cPanel Server :

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

For Other Server :

grep cwd /var/log/exim/main.log | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

Was this answer helpful?

 Print this Article

Also Read

How to host the primary domain from a subfolder (.htaccess)?

Summary The public_html directory for all of its Web site files. Addon domains use sub...

How to whitelist your IP at CPHulk

IF IP got banned by CPHulk few times and it is really not a pleasant thing knowing that you need...

How can I limit the number of emails a domain can send out per hour?

Click on the "Tweak Settings" link under "Server Setup". Within the "Mail" section is a text box...

What is the difference between Local, Backup, and Remote Mail Exchanger in cPanel?

These are options for the DNS zone for a domain in cPanel. Essentially, this tells cPanel how you...

Clone a cPanel server configuration to a new server (excluding server specific items)

As a Server Administrator, I want the ability to clone a cPanel server to a new setup, so that...

Powered by WHMCompleteSolution