Find spam script location with Exim - VPS / Dedicated Server

In the steps below I'll show how to locate the top scripts on your server sending mail. If any scripts look suspicious, you can check the Apache access logs to find how a spammer might be using your scripts send spam.

To follow the steps below you'll need root access to your server, so you have access to the Exim mail log.

For cPanel Server :

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

For Other Server :
grep cwd /var/log/exim/main.log | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
Was this answer helpful? 2 Users Found This Useful (131 Votes)

Related Articles

How to create a cPanel user account?

To create a new cPanel account go to WHM >> Account Functions >> Create a New...

 How can I limit the number of emails a domain can send out per hour?

Click on the "Tweak Settings" link under "Server Setup". Within the "Mail" section is a text box...

 How can I limit access to certain directories on my server by requiring a password using cPanel/WHM?

In cPanel, it is very simple to limit access to a directory on your server. This can be used to...

 How do I prevent SSL Certificate Warnings when accessing cPanel?

All cPanel servers come with self-signed certificates configured to secure the control panel as a...

 How do I create a MySQL database and user in cPanel/WHM? How do I connect them?

To create a MySQL database and user, log into the cPanel interface for the desired domain and...

Powered by WHMCompleteSolution