Author Topic: how to know the spam source  (Read 4855 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
how to know the spam source
« on: January 08, 2022, 05:53:31 PM »
Hello,

 Is there any way to know which site sending spam email in the server, i have scanned the server many times, how to know the source of the spam ?

Offline
***
Re: how to know the spam source
« Reply #1 on: January 08, 2022, 06:50:30 PM »
The non privacy invasive way to check is to look in the email header of the spam email, if it was sent using PHP.
But I would assume you don't have a copy of the message, you would have to manually go into the vmail folder and check the correct mailbox in the sent folder, but only if this was not sent using a script...

Also, what are you "scanning"?
/var/log/maillog ?

Can you paste the logs of when a spam happened?

Offline
***
Re: how to know the spam source
« Reply #2 on: January 09, 2022, 03:33:00 AM »
Hello,

 Is there any way to know which site sending spam email in the server, i have scanned the server many times, how to know the source of the spam ?

How did you conclude that there is mail spam on your server?
What log files?

Offline
*
Re: how to know the spam source
« Reply #3 on: January 09, 2022, 01:02:03 PM »
The datacenter,

 and the mail Queue i found a thousand of emails

Offline
*
Re: how to know the spam source
« Reply #4 on: January 09, 2022, 01:09:14 PM »
The non privacy invasive way to check is to look in the email header of the spam email, if it was sent using PHP.
But I would assume you don't have a copy of the message, you would have to manually go into the vmail folder and check the correct mailbox in the sent folder, but only if this was not sent using a script...

Also, what are you "scanning"?
/var/log/maillog ?

Can you paste the logs of when a spam happened?


okay that if not was sent via php script, what if it was ? what should i do beside scanning the server? 

i am scanning with "maldet " and it should be fine now because the spam email stopped.

which log you need.

Thanks you for helping..

Offline
***
Re: how to know the spam source
« Reply #5 on: January 10, 2022, 09:06:59 PM »
If the datacenter was forced to tell you about it themselves, then your IP has its reputation already destroyed and blacklisted many places. You need to fix it fast before the damage is hard to revert. Some email providers simply completely block sending your mails to them. Happened to me once with Outlook. They rejected all my emails and had to go through a lengthy process to whitelist me again after I corrected my server's configuration. Good thing that the IP was only blacklisted with them, no place else.

First of all, check your /var/log/maillog
Paste it here: https://pastebin.com/
Change Paste Exposure to "Unlisted", Create new paste and post here the link.

Notice: Everything is in the log. IP addresses, email addresses, and maybe other sensitive data. If it's ok for you, then share the link here. If not, then just PM it to me if you like
« Last Edit: January 10, 2022, 09:11:01 PM by iraqiboy90 »

Offline
*
Re: how to know the spam source
« Reply #6 on: January 11, 2022, 10:24:07 PM »
simple info:
http://wiki.centos-webpanel.com/tracking-php-script-spam
http://wiki.centos-webpanel.com/track-spam-infected-scripts
there are also other instruction related to mail on the same page
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: how to know the spam source
« Reply #7 on: January 12, 2022, 03:45:08 AM »
simple info:
http://wiki.centos-webpanel.com/tracking-php-script-spam
http://wiki.centos-webpanel.com/track-spam-infected-scripts
there are also other instruction related to mail on the same page


/usr/local/apache/logs/phpmail.log

That is the key man, thank you so much..

Offline
***
Re: how to know the spam source
« Reply #8 on: January 14, 2022, 09:49:53 AM »
simple info:
http://wiki.centos-webpanel.com/tracking-php-script-spam
http://wiki.centos-webpanel.com/track-spam-infected-scripts
there are also other instruction related to mail on the same page


/usr/local/apache/logs/phpmail.log

That is the key man, thank you so much..

So, it was a php script?

Make sure "mail" in php is disabled to avoid such problem in the future.

Check "disable_functions = mail"
PHP-FPM- /opt/alt/php-fpm**/usr/php/php.ini
PHP-CGI- /opt/alt/php**/usr/php/php.ini
PHP-Main- /usr/local/php/php.ini

Offline
*
Re: how to know the spam source
« Reply #9 on: January 17, 2022, 06:49:19 AM »
Hi,
and where is phpmail.log located if I'm using apache + nginx.
In that case papmail.log located in /usr/local/apache/logs/phpmail.log is empty.
Thank you

Offline
*
Re: how to know the spam source
« Reply #10 on: January 17, 2022, 07:20:47 AM »
if you check the wiki links you will see the location of the file. If the file is empty then maybe you didn't sent emails over php.
This is a PHP log so it not related to webservers like apache/nginx.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.