  1. #1
    Join Date
    Mar 2004

    How to find Spam Script

    I found a spam script running in the processes under apache as But no matter how I search I can't seem to find this file. Anyone know what the procedure is?

  2. #2
    Join Date
    Mar 2009
    Did you try to locate it with lsof ?

    # lsof -p PID_OF_THE_SCRIPT

  3. #3
    Checking maillogs will definitely help to trace the spammer.

  4. #4
    Join Date
    Nov 2004
    It could have deleted itself right after starting, to make it hard to find the file, or it could have renamed itself.

    Use lsof to find the process, which may also be hard as it may close and reopen the outgoing connection.

    If you're running suphp you'll be able to see the user. lsof will tell you the current directory. Once you've found that, try:

    find . -mtime -5
    ls -lrt

    to see recently created files and go look in there.

    Or just lock the account and make the account owner pay for solving it!
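
The lsof and find steps suggested in replies #2 and #4 can be done straight from /proc, which also covers the case where the script deleted itself after starting. This is an added example, not code posted by anyone in the thread; the function name `triage_pid` and the `PROC_ROOT` override are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: triage one suspicious PID from /proc (Linux only).
# PROC_ROOT is an assumed override so the function can be run on a fixture.
PROC_ROOT="${PROC_ROOT:-/proc}"

triage_pid() {
    local pid="$1" dir="$PROC_ROOT/$1" cwd exe fd target
    [ -d "$dir" ] || { echo "no such process: $pid" >&2; return 2; }

    echo "owner:   $(stat -c %U "$dir" 2>/dev/null)"
    # cmdline is NUL-separated and can be rewritten by the process: a hint only.
    echo "cmdline: $(tr '\0' ' ' 2>/dev/null < "$dir/cmdline")"

    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd=""
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=""
    echo "cwd:     $cwd"
    # For a PHP/Perl script this is the interpreter; a self-deleted binary
    # shows up here with a " (deleted)" suffix.
    echo "exe:     $exe"

    # A file that was unlinked while the process still holds it open stays
    # visible as a descriptor whose link target ends in " (deleted)".
    for fd in "$dir"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)") echo "deleted-but-open: fd ${fd##*/} -> $target" ;;
        esac
    done

    # Same idea as "find . -mtime -5" in the thread, run against the cwd.
    if [ -d "$cwd" ]; then
        echo "recent files under cwd:"
        find "$cwd" -xdev -type f -mtime -5 -print
    fi
}

# Run as: ./triage.sh PID   (needs root to read another user's /proc entry)
if [ "$#" -gt 0 ]; then
    triage_pid "$1"
fi
```

If a descriptor is reported as deleted-but-open, its contents can still be copied out with `cp /proc/PID/fd/N` while the process is alive, so take that copy before killing the process.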
