{"id":1113,"date":"2017-01-28T13:13:04","date_gmt":"2017-01-28T13:13:04","guid":{"rendered":"http:\/\/www.plugged.in\/?p=1113"},"modified":"2019-03-18T10:45:01","modified_gmt":"2019-03-18T07:45:01","slug":"finding-spammer-php-script-directadmin","status":"publish","type":"post","link":"https:\/\/www.veriteknik.net.tr\/en\/finding-spammer-php-script-directadmin\/","title":{"rendered":"Finding spammer php script in DirectAdmin"},"content":{"rendered":"<p>There is an easy method to find spammer php script in your home path. Directadmin logs these spammer scripts which are using phpmailer or similar things. To find this:<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>Go to your home path<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">cd \/home<\/pre>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>Find your log files<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">find .\/ -type f -size +1k -name \"php-mail.log\"<\/pre>\n<p>After this find operation, you can see your log files. It means, users that have this log file are could be the potential spammer.<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>Tailf your log file.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">tailf \/home\/user\/.php\/php-mail.log<\/pre>\n<p>&nbsp;<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>You can see spammer scripts.!!<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">mail() on [\/home\/user\/domains\/domain.com.tr\/public_html\/modules\/mod_users_latest\/files.php(1947) : eval()'d code:775]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 15:51:47 +0300 From: Flora &lt;user@domain.com.tr&gt; Message-ID: &lt;3f796c9fb6de893f060882897f360bea@domain.com.tr&gt; X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart\/alternative; boundary=\"b1_3f796c9fb6de893f060882897f360bea\" Content-Transfer-Encoding: 8bit<\/pre>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>Remove this peace of shit.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<pre class=\"brush: bash; gutter: true; first-line: 1\">rm \/home\/user\/domains\/domain.com.tr\/public_html\/modules\/mod_users_latest\/files.php<\/pre>\n<p>You can easiliy get rid of these spammer scripts using this method. Don&#8217;t forget to clear your mail queue after this operation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is an easy method to find spammer php script in your home path. Directadmin logs these spammer scripts which are using phpmailer or similar things. To find this: Go to your home path cd \/home Find your log files find .\/ -type f -size +1k -name &#8220;php-mail.log&#8221; After this find operation, you can see [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","footnotes":""},"categories":[461],"tags":[455,473,459],"yst_prominent_words":[605,711,705,709,702,706,704,703,708,712,710,707,713,639,701],"class_list":["post-1113","post","type-post","status-publish","format-standard","hentry","category-directadmin-linux","tag-directadmin","tag-find","tag-spam"],"jetpack_featured_media_url":"","uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"Fehmi Can Tokay","author_link":"https:\/\/www.veriteknik.net.tr\/en\/author\/fehmi-can-tokay\/"},"uagb_comment_info":0,"uagb_excerpt":"There is an easy method to find spammer php script in your home path. Directadmin logs these spammer scripts which are using phpmailer or similar things. To find this: Go to your home path cd \/home Find your log files find .\/ -type f -size +1k -name \"php-mail.log\" After this find operation, you can see&hellip;","_links":{"self":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/posts\/1113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/comments?post=1113"}],"version-history":[{"count":4,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/posts\/1113\/revisions"}],"predecessor-version":[{"id":4179,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/posts\/1113\/revisions\/4179"}],"wp:attachment":[{"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/media?parent=1113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/categories?post=1113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/tags?post=1113"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/www.veriteknik.net.tr\/en\/wp-json\/wp\/v2\/yst_prominent_words?post=1113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}