php - How to find out which code is using Sendmail?
We are having unknown code (a virus?) sending out thousands of mails from our server. Though we think we have removed the corresponding malicious PHP file, mails are still getting sent out.
How can we find out which code is sending out the mails? We tried looking under /var/log/maillog but there are no pointers there. Is there any other way of finding out?
We are using a CentOS distro.
The fact that you have removed the corresponding PHP file doesn't mean that the file didn't manage to create copies of itself elsewhere on the system. If these emails are being sent continuously, i.e. not a single occurrence, it is possible that the script has somehow infiltrated the crontab files and is being called periodically.
Take a look at the crontab file of each user (including root) on the system. Make sure to inspect any script the crontab is executing, no matter how innocent it looks.
Another option is an .htaccess file executing the script when presented with a specific URL. One could hide the execution of a script in this way. Inspect the .htaccess files for unusual rules that you have no record of...
Hopefully one or more of these options will shed light on where these emails are being sent from...
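The crontab and .htaccess checks described in the answer above, as an added shell example that is not part of the original post. The function names and the sample tree are constructed for illustration, and /var/spool/cron is assumed as the per-user crontab location (the CentOS default).

```shell
#!/bin/sh
# Added example (not from the original answer): audit crontabs and .htaccess.

# Print "user<TAB>entry" for every active line in the per-user crontab files
# under DIR (on CentOS: /var/spool/cron). Comments, blank lines and
# VAR=value assignments are skipped.
list_cron_jobs() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        user=$(basename "$f")
        grep -Ev '^[[:space:]]*(#|$)|^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=' "$f" |
            while IFS= read -r line; do printf '%s\t%s\n' "$user" "$line"; done
    done
}

# Print "file:line:directive" for .htaccess rules under ROOT that can route a
# URL to a script or change how files are executed.
list_htaccess_rules() {
    find "$1" -type f -name .htaccess -exec grep -EinH \
        '^[[:space:]]*(RewriteRule|AddHandler|SetHandler|AddType|Action|php_value[[:space:]]+auto_(pre|ap)pend_file)' {} + | sort
}

# Constructed sample tree so the example runs offline.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/cron" "$t/www/img"
    printf '%s\n' 'MAILTO=""' '# backup' '0 3 * * * /usr/local/bin/backup.sh' > "$t/cron/root"
    printf '%s\n' '*/5 * * * * php /var/www/html/img/cache.php' > "$t/cron/apache"
    printf '%s\n' 'Options -Indexes' 'RewriteEngine On' 'RewriteRule ^promo$ /img/cache.php [L]' > "$t/www/.htaccess"
    printf '%s\n' 'AddHandler application/x-httpd-php .jpg' > "$t/www/img/.htaccess"
    echo "$t"
}

sample=$(make_sample)
echo "== cron entries ==";    list_cron_jobs "$sample/cron"
echo "== .htaccess rules =="; list_htaccess_rules "$sample/www"
rm -rf "$sample"
```

On a live system, call `list_cron_jobs /var/spool/cron` as root and `list_htaccess_rules` on the web root; /etc/crontab and the files in /etc/cron.d deserve the same review.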
php linux sendmail