How to track a script sending spam

**grim** · Mar 14th, 2008, 11:59 am

Does anyone know how to track down a script, or however a server is sending spam?

One of my servers is sending spam under an account, I do not host any sites but my sites on this server. I am not sending the spams out, but no matter what I do, I can not stop them.

GRIM added 277 Minutes and 25 Seconds later...

I believe I tracked down the problem.

Somehow someone was able to authenticate themselves as an account of mine on one of my domains, they used this to send spams.

How they were able to get the login details however and how to stop it from happening again is a different story.

I am spending my day changing passwords on as many accounts as possible.

**webster13045** · Mar 14th, 2008, 1:29 pm

Hey Grim

if you want i can run a few tests that i do to see how open it is by trying a couple methods to login on your server

i use theys methods on servers i buy just to be sure they are un hackable

**grim** · Mar 14th, 2008, 1:40 pm

I'm fine with you giving it a go.

What you need? IP?

**orangewebhosting** · Mar 14th, 2008, 4:08 pm

enabled a detailed log watch, it tells you who is doing what, connecting where and where from and how and what there doing when connected and send it in a nice email

**sparks man** · Apr 27th, 2008, 1:34 am

If U want to close the spam through script only ??

do this by using nobody
this by :--
Blocking spam through php script by using nobody:-

From SSH write

PHP Code:


service exim stop

and

PHP Code:


pico /usr/sbin/sendmail

Change the file contain with the following :

PHP Code:


 #!/usr/local/bin/perl 

  

# use strict; 

 use Env; 

 my $date = `date`; 

 chomp $date; 

 open (INFO, ">>/var/log/spam_log") || die "Failed to open file ::$!"; 

 my $uid = $>; 

 my @info = getpwuid($uid); 

 if($REMOTE_ADDR) { 

         print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n"; 

 } 

 else { 

  

        print INFO "$date - $PWD -  @infon"; 

  

 } 

 my $mailprog = '/usr/sbin/sendmail.hidden'; 

 foreach  (@ARGV) { 

         $arg="$arg" . " $_"; 

 } 

  

 open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!n"; 

 while (<STDIN> ) { 

         print MAIL; 

 } 

 close (INFO); 

 close (MAIL);

Then save the file sendmail And change its permissions by

PHP Code:


chmod +x /usr/sbin/sendmail

and read my subject
I just write it yesterday
this is it
block the spam on ur servers , secure ur server from sending spam - Webmaster Forum

do this and tell us the result u get

Eng.ali