Vishnu SjIf the spamming started the server load will be increased and the file can be noticed in the process manager or using the command "top c" there is an another way to check the users mails status.Kindly follow the below details :
1.First check the total mails queue's on the server
exim -bpc
Note : if lfd is sending lot mails about the resource alert you just disable it(its your wish)
2.to check who are spammers just paste the below command
grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort| uniq -c|grep cwd|sort -n
It will scan the exim log's and show you the list of username with path(/home/username/public_html/dir)
from which dir the mail was sending and the number of mails sent by the user's.
You need to find the file manually by entering into the directory using "cd /home/username"public_html/path" then type the following command :
ll -ah
Which will display all the files and folders with Size and permission details. you need to check for the spamming script and block it using permission command
0 comments:
Post a Comment