Sometimes you will find that your server's IP address has been blacklisted because of spam coming from your server. This is normally caused by vulnerable PHP scripts on your server (such as WordPress installations that have not been upgraded). If you'd like to find out how to find those scripts, keep reading!
The default MTA (Mail Transfer Agent) in cPanel/WHM is exim. With exim, there are specific log file(s) that we can use to help find out what scripts are responsible for emails coming from your server. For this article, we will be using the /var/log/exim_mainlog log file:
1. Log in to your server via SSH
2. Type in the following command at the command prompt:
    grep cwd /var/log/exim_mainlog | grep -v /var/spool | grep home | awk '{print $3}'
The above command will provide you with the locations of the PHP scripts that are sending out email, along with the dates and times, and email ID. Please note that it won't give the exact name of the script, only the directory in which the script resides.
Once you have the location where the script is, you can use the “cd” command to change directory to that location and look for scripts which don't belong.
Scripts that are likely responsible for spam will be shown in the output very frequently and without much time in between (sometimes not even a second in between). We've observed a commonality of spam scripts being in /theme or /gallery directories, especially among WordPress installations.
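To rank directories by how often and how quickly they send, the following added example (not part of the original article) counts the cwd= lines per directory and reports the largest number of sends seen within a single second. The function names and the sample log lines are constructed for illustration, and it assumes the cwd= token is the third field, as in the command above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Assumes the cwd= token is field 3, as in the article's awk '{print $3}'.

# Constructed sample lines in exim_mainlog layout (users and paths are made up).
sample_log() {
cat <<'EOF'
2024-01-15 09:15:00 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2024-01-15 10:00:01 cwd=/home/alice/public_html/wp-content/themes/old 3 args: /usr/sbin/sendmail -t -i
2024-01-15 10:00:01 cwd=/home/alice/public_html/wp-content/themes/old 3 args: /usr/sbin/sendmail -t -i
2024-01-15 10:00:01 1rPQkz-0004Hn-1s <= alice@example.com U=alice P=local S=1024
2024-01-15 10:00:01 cwd=/home/alice/public_html/wp-content/themes/old 3 args: /usr/sbin/sendmail -t -i
2024-01-15 10:00:02 cwd=/home/alice/public_html/wp-content/themes/old 3 args: /usr/sbin/sendmail -t -i
2024-01-15 10:00:03 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-01-15 14:30:12 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
EOF
}

# Usage: exim_cwd_summary [logfile]   (reads stdin when no file is given)
# Output: "<total> <peak_per_second> <directory>", busiest directory first.
exim_cwd_summary() {
    awk '
        # Keep only cwd= entries under /home; this also drops /var/spool
        # queue runs and ordinary delivery lines.
        $3 ~ /^cwd=\/home/ {
            dir = substr($3, 5)                   # strip the "cwd=" prefix
            total[dir]++
            n = ++persec[dir SUBSEP $1 " " $2]    # sends in this exact second
            if (n > peak[dir]) peak[dir] = n
        }
        END { for (d in total) print total[d], peak[d], d }
    ' "$@" | sort -k1,1nr -k3,3
}

# Demo on the constructed sample. On a server, run instead:
#   exim_cwd_summary /var/log/exim_mainlog
sample_log | exim_cwd_summary
```

A directory with a high total and a peak well above 1 matches the pattern described above: many sends with less than a second between them.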
