This is a short and easy way to track down the source of a compromised PHP script that is spamming out of your system.

Change the /etc/php.ini sendmail path to:

sendmail_path = /usr/local/bin/sendmail-php -t -i

and then create that file with the following contents:

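#!/bin/sh
# Log the request context PHP passes in the environment, then hand off to the real sendmail.
# The message is quoted so request-controlled values such as HTTP_HOST are not
# word-split or glob-expanded into extra logger arguments.
logger -p mail.info "sendmail-php: site=${HTTP_HOST}, client=${REMOTE_ADDR}, script=${SCRIPT_NAME}, filename=${SCRIPT_FILENAME}, docroot=${DOCUMENT_ROOT}, pwd=${PWD}, uid=$(id -u), user=$(whoami)"

# Pass PHP's original arguments through unchanged.
/usr/sbin/sendmail -t -i "$@"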

Make that file executable (chmod +x) and restart Apache.

Now when a PHP script sends a piece of mail, the call is logged through syslog at mail.info, and you can then trace back what is legitimate and what isn’t. Spammers tend to be very…brute force…so it is usually pretty apparent, fairly quickly, which script is being abused.
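To do that tracing over a busy log, the following added example (not part of the original post) ranks scripts by message count and distinct client addresses from the wrapper's "sendmail-php:" lines. The function names are hypothetical and the sample lines, hosts, paths and addresses are constructed; on a real system, pipe in whichever file your syslog writes mail.info to.

```sh
#!/bin/sh
# Constructed sample lines in the format the wrapper logs (all values made up).
# The third line carries a Host header that tries to inject a fake filename= field.
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 web1 apache: sendmail-php: site=shop.example.com, client=198.51.100.7, script=/contact.php, filename=/var/www/shop/contact.php, docroot=/var/www/shop, pwd=/var/www/shop, uid=48, user=apache
Mar  3 10:00:02 web1 apache: sendmail-php: site=blog.example.com, client=203.0.113.9, script=/uploads/cache.php, filename=/var/www/blog/uploads/cache.php, docroot=/var/www/blog, pwd=/var/www/blog/uploads, uid=48, user=apache
Mar  3 10:00:02 web1 apache: sendmail-php: site=blog.example.com, filename=/tmp/decoy.php, client=203.0.113.9, script=/uploads/cache.php, filename=/var/www/blog/uploads/cache.php, docroot=/var/www/blog, pwd=/var/www/blog/uploads, uid=48, user=apache
Mar  3 10:00:03 web1 apache: sendmail-php: site=blog.example.com, client=203.0.113.44, script=/uploads/cache.php, filename=/var/www/blog/uploads/cache.php, docroot=/var/www/blog, pwd=/var/www/blog/uploads, uid=48, user=apache
Mar  3 10:00:03 web1 apache: sendmail-php: site=blog.example.com, client=192.0.2.80, script=/uploads/cache.php, filename=/var/www/blog/uploads/cache.php, docroot=/var/www/blog, pwd=/var/www/blog/uploads, uid=48, user=apache
EOF
}

# Read syslog lines on stdin; print "messages distinct_clients filename",
# busiest script first.
top_senders() {
    awk '
        /sendmail-php: / {
            file = "(unknown)"; client = "(unknown)"
            n = split($0, f, ", ")
            # Later fields win: site= is logged first, so text injected through
            # the Host header cannot override the server-set client= and filename=.
            for (i = 1; i <= n; i++) {
                if (index(f[i], "filename=") == 1) file = substr(f[i], 10)
                else if (index(f[i], "client=") == 1) client = substr(f[i], 8)
            }
            msgs[file]++
            if (!((file, client) in seen)) { seen[file, client] = 1; clients[file]++ }
        }
        END { for (k in msgs) print msgs[k], clients[k], k }
    ' | sort -k1,1nr -k3
}

sample_log | top_senders
```

A script that sends far more mail than the rest, often from many client addresses in a short window, is the one to inspect first.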


Category: linux, php, spam
