Difference between revisions of "Trace php spamming"
Line 13: | Line 13: | ||
Watch log live: | Watch log live: | ||
tail -f /var/log/php-mail.log | tail -f /var/log/php-mail.log | ||
+ | |||
+ | Also sometimes you'll face spawning and immediately defunc processes that may send email . You can try to find details for such cases using command like: | ||
+ | ll /proc/$(ps aux | grep bounce | awk '{print$2}') | ||
+ | or | ||
+ | ll /proc/$(ps aux | grep <PROCESSNAME> | awk '{print$2}') | ||
[[Category:Linux]] | [[Category:Linux]] |
Latest revision as of 17:29, 1 September 2016
How to locate php script that is being used for sending spam from your mail server (postfix or sendmail)
Locate your working php.ini file
php -i | grep 'Configuration File'
Append the following lines to php.ini
mail.add_x_header = On mail.log = /var/log/php-mail.log
Create log file:
touch /var/log/php-mail.log chmod 777 /var/log/php-mail.log
Restart Apache
service httpd restart
Watch log live:
tail -f /var/log/php-mail.log
Also sometimes you'll face spawning and immediately defunc processes that may send email . You can try to find details for such cases using command like:
ll /proc/$(ps aux | grep bounce | awk '{print$2}')
or
ll /proc/$(ps aux | grep <PROCESSNAME> | awk '{print$2}')