How To Find The Source Of Spam Email Malware In Server

Mass mail (spam) is a very common malware in any cPanel/WHM based web server. It always send massive emails like monster and then causes our web server's IP being blocked and so we couldn't send (real) email. The question is : how to find the source of spam email malware in our web server?

Luckily, Linux is built with many useful and powerful tools. We could use cat and grep to seek the malware source. Here are the steps :

1. Find out the users who send mass mail. Command :

grep 'cwd=/home' /var/log/exim_mainlog | awk -F/ '{print $3}' | sort | uniq -c | sort -n -k 1

We will get the list of users who send mass mail in a day, like this :

2. Seek the source script. Command :

cat /var/log/exim_mainlog | grep user | grep 'date'

Example :

cat /var/log/exim_mainlog | grep forumriau | grep '2015-12-31'

We will get the output like this :

As shown in the output, we get the malware path is in :

/home/forumriau/public_html/wp-admin/network

3. Deactivate the source by changing its permission into 0000 and immune the folder. Command :

chmod -Rf 0000 /home/forumriau/public_html/network

chattr -R +i /home/forumriau/public_html/network

4. Repeat step 2 - 3 per account.

Comments

Q4OS 4.6 "Gemini" Review: A Real Hidden Gem

Distro hopping is a fun adventure. It's a pure joy you can only find in GNU/Linux world. It's a nature you want to escape from what I call 'comfort ecosystem'. You need to play, trying something new even for a few little differences. For a long time I've been using Ubuntu family as my daily driver. The main reason is probably just same as any other Ubuntu user: it's reliable. You can't go wrong with Ubuntu. It works almost in any device, even for the newest one. It is the ultimate Linux distro you can rely on. However, sometimes, you will feel bored. The temptation to flirt with other new distro is unbearable. There are a lot of hot new Linux distros waiting to try. A Real Hidden Gem I've known this distro for a quite long time. At first, it offered Trinity Desktop as the main desktop, which brings me the sweet memories about KDE3. It is simply fast, stable, almost without any issue, and it is based on Debian. I install it on my old machine and I love t

How To Install Mac OS X Lion Theme On Lubuntu / LXDE

Lubuntu 12.04 with Mac OS X Lion Theme, xcompmgr & cairo-dock [click to enlarge] Mac OS X is the special one in the Desktop market. So many people admire it because of its beauty, safety (yes, it is an UNIX) and its profesional image as “an OS for profesional modern art designer”. Yeah, Mac OS X has beautiful look and I do like its look-n-feel. And so, there are so many theme patcher to make our Microsoft Windows or Linux OS become Mac OS X in the appearance. In Linux Desktop, there are some project specialized in designing theme transformation pack to make our Linux desktop to be looked like Mac OS X. The most popular project probably is Mac4Lin. But, all of those projects was designed only for GNOME or sometimes support XFCE and how about LXDE? Our Star in the current lightweight Linux desktop? (Yes, LXDE is the most light-but-complete Linux desktop for now). Until now, there is no project that officially support LXDE. Basically, LXDE uses gtk (now still stay w

Howto Connect To Windows Share Network (Connect To Server) Easily in PCManFM

In Nautilus 3.4, Nemo, or Caja, there is a very useful menu called "Connect to Server". This menu allow us to connect to a Windows Share network via Samba. If you are using another desktop environment such as LXDE, there aren't such menu, and we need to install third party tool called Gigolo . But apparently, PCManFM (the default file manager of LXDE) already has such function. We could connect to a Windows Share network in PCManFM easily. Here are the simple steps : 1. Open PCManFM and go to adress bar, and type this command : smb://username@server/folder example : smb://staff@192.168.1.69/document then press Enter 2. Once you will be asked to input the Windows Share Network password (if exists), select Remember Forever option. 3. You are connected to Windows Share Network ;)

NAMAKU TUX

Search This Blog