Find spam sending php script in Directadmin

There is an easy method to find spammer php script in your home path. Directadmin logs these spammer scripts which are using phpmailer or similar things. To find this:

  1. Go to your home
    cd /home
  2. Find your log files
    find ./ -type f -size +1k -name "php-mail.log"

    After this find operation, you can see your log files. It means, users that have this log file are could be the potential spammer.

  3. Tail -f your log file.
    tail -f /home/user/.php/php-mail.log
  4. You can see spammer scripts.!!

[17-Dec-2019 09:07:54 UTC] mail() on [/home/webtechnolog/domains/fahimshakir.com/public_html/contact.php:18]: To: [email protected] — Headers: From: [email protected] Reply-To: [email protected] Content-type: text/html; charset=iso-8859-1 — Subject: Enquiry
[17-Dec-2019 10:10:38 UTC] mail() on [/home/webtechnolog/domains/acmewebsolutions.in/public_html/contact.php:18]: To: [email protected] — Headers: From: Reply-To: Content-type: text/html; charset=iso-8859-1 — Subject: Acme Web Solutions Enquiry

5. Remove this spam sending mail script

.

rm /home/webtechnolog/domains/acmewebsolutions.in/public_html/contact.php

You can easiliy get rid of these spammer scripts using this method. Don’t forget to clear your mail queue after this operation.

Was this article helpful?
YesNo

Leave a Reply

Your email address will not be published. Required fields are marked *