Find spam script location with Exim - VPS / Dedicated Server

In the steps below I'll show how to locate the top scripts on your server sending mail. If any scripts look suspicious, you can check the Apache access logs to find how a spammer might be using your scripts send spam.

To follow the steps below you'll need root access to your server, so you have access to the Exim mail log.

For cPanel Server :

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

For Other Server :

grep cwd /var/log/exim/main.log | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Powered by WHMCompleteSolution