Find spam sending scripts using Exim

In this guide we will show you how to find spam sending scripts on your server.

Spam messages often have a bad effect on the reliability of a domain name and the corresponding IP address. In most cases, mass spam messages lead to an entry of the server IP to a blacklist.

To identify such scripts the exim log files can be used. Exim or MTA are responsible for sending messages - all activities are recorded in the log file /var/log/exim_mainlog.

  • Login on your server using SSH
  • Execute the following command:
    grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | awk '{print $1}' | sort | uniq -c | sort -n
  • The output could be the following:
    1 /home/demoacc/public_html/test
    45189 /home/demoacc3/public_html/fraud
  • We can see that there is a script in /home/demoacc3/public_html/fraud that is sending a few thousend messages

Now you know the path to the script that is sending mass spam messages.
  • spam, exim
  • 92 Users Found This Useful
Was this answer helpful?

Powered by WHMCompleteSolution