Trace php spamming

From vpsget wiki

How to locate the PHP script that is being used to send spam from your mail server (Postfix or Sendmail).

Locate your working php.ini file

php -i | grep 'Configuration File'

Append the following lines to php.ini

mail.add_x_header = On
mail.log = /var/log/php-mail.log

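Create the log file. Note that chmod 777 makes it world-writable so that PHP can write to it whichever user it runs as; tighten the permissions to that user once you know it: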

touch /var/log/php-mail.log
chmod 777 /var/log/php-mail.log

Restart Apache

service httpd restart

Watch the log live:

tail -f /var/log/php-mail.log
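
Once the log has collected entries, ranking scripts by the number of mail() calls points to the offender faster than reading the tail. The following is an added example, not part of the original wiki page; it assumes each entry has the usual mail.log form "[timestamp] mail() on [/path/script.php:LINE]: To: address -- Headers: ...", and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a PHP mail.log to find the script sending the most mail.
# Assumed entry format (the constructed sample lines below follow it):
#   [timestamp] mail() on [/path/script.php:LINE]: To: addr -- Headers: ...

# Print "count script-path", busiest script first. $1 = mail log path.
top_mailers() {
    sed -n 's/.*mail() on \[\(.*\):[0-9][0-9]*]: To: .*/\1/p' "$1" |
        sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Print "count recipient" for one script. $1 = mail log path, $2 = script path.
recipients_for() {
    awk -v s="$2" '
        index($0, "mail() on [" s ":") {
            line = $0
            sub(/.*\]: To: /, "", line)       # drop everything up to the recipient
            sub(/ -- Headers: .*/, "", line)  # drop the logged headers
            print line
        }' "$1" | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Write constructed sample entries to $1 so the functions can be tried offline.
write_sample_log() {
    cat > "$1" <<'EOF'
[12-Mar-2024 10:00:01 UTC] mail() on [/var/www/site/wp-content/uploads/x.php:12]: To: a@example.com -- Headers: From: x@example.org
[12-Mar-2024 10:00:02 UTC] mail() on [/var/www/site/wp-content/uploads/x.php:12]: To: b@example.com -- Headers: From: x@example.org
[12-Mar-2024 10:00:03 UTC] mail() on [/var/www/site/wp-content/uploads/x.php:12]: To: a@example.com -- Headers: From: x@example.org
[12-Mar-2024 10:05:00 UTC] mail() on [/var/www/site/contact.php:40]: To: owner@example.net -- Headers: From: form@example.net
EOF
}

# Usage: sh thisfile.sh /var/log/php-mail.log
if [ "$#" -gt 0 ]; then
    top_mailers "$1"
fi
```

A script that sits in an upload or cache directory and far outnumbers the site's legitimate forms is the first one to inspect.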

Sometimes you will also see processes that spawn and immediately become defunct, which may be sending email. You can try to find details in such cases with a command like:

for pid in $(ps aux | grep bounce | grep -v grep | awk '{print $2}'); do ls -l /proc/$pid; done

or

for pid in $(ps aux | grep <PROCESSNAME> | grep -v grep | awk '{print $2}'); do ls -l /proc/$pid; done