How do I tracert spam on my server?
Hello. I am using a plain Plesk Server, which is well secured as far as I know. It's running 300 websites.
I do have some clients who are using insecure PHP scripts, so sometimes there is a 20.000 e-mail queue, which is filled with spam.
I wish to look up the sender of spam easily.
Unfortunately 'cat /var/qmail/queue/0/3023230' will only tell me the date of the e-mail sent. If I look up in maillog, it will tell me if it was sent via SMTP or Apache.
But if it is sent via Apache, then I have a problem. I cannot tracert which specific php-file sends out the spam, even though I have a /var/log/spam_log according to tutorials, it doesn't help much.
How do you trace which PHP-file is exploited and sends out the spam?
I do have some clients who are using insecure PHP scripts, so sometimes there is a 20.000 e-mail queue, which is filled with spam.
I wish to look up the sender of spam easily.
Unfortunately 'cat /var/qmail/queue/0/3023230' will only tell me the date of the e-mail sent. If I look up in maillog, it will tell me if it was sent via SMTP or Apache.
But if it is sent via Apache, then I have a problem. I cannot tracert which specific php-file sends out the spam, even though I have a /var/log/spam_log according to tutorials, it doesn't help much.
How do you trace which PHP-file is exploited and sends out the spam?