What are some of the ways to track down a spammer on a servere using a php script to send out junkmail? I'm getting some bounced mails but the only thing it's telling me is that the spammer is using:

X-Mailer: PHPBulkEmailer 1.1 http://www.nukedweb.com/

I'm running cpanel so there's no central web server log for me to peruse through. Help!

Originally posted by Skeptical
What are some of the ways to track down a spammer on a servere using a php script to send out junkmail? I'm getting some bounced mails but the only thing it's telling me is that the spammer is using:

X-Mailer: PHPBulkEmailer 1.1 http://www.nukedweb.com/

I'm running cpanel so there's no central web server log for me to peruse through. Help!

Use WHM. Be familliar with your tools. WHM has a very easy to use email management setup (top senders, all that).

Hello,

Since he is using php, it is pretty difficult to find out. Because the script runs in the ownership of nobody(apache). You can enable phpsuexec to catch the culprit.

Usually sysadmins find out the hacker by searching through the home directories for php scripts that use mail() function.

find /home/*/public_html -iname 'index.php' -type f -print | xargs grep -i 'nukedweb.com'

Originally posted by Jim_UK
find /home/*/public_html -iname 'index.php' -type f -print | xargs grep -i 'nukedweb.com'

Take it a step further and do \*.php

Or you could "egrep -i 'string' *" in the domlogs directory