Wednesday 30 July 2014

Spamming Detection

Checking for compromised Dovecot logins:

egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1

Check whether emails are being sent by scripts:

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

By checking the domlogs under /usr/local/apache/domlogs (on cPanel servers) we can find the exact script used to send the spam, e.g.:

grep POST /usr/local/apache/domlogs/domain.com    (replace domain.com with the domain from which the spam is being sent)
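As an added example (not part of the original post), the first two checks above expressed as a small Python parser over constructed Exim mainlog lines, so the counts can be thresholded and scripted rather than eyeballed; it goes one step further than the post by also recording the source IPs seen per Dovecot login, since one mailbox authenticating from many addresses is a common sign of a stolen password. The log format and all sample values are assumed, not taken from a real server.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/exim_mainlog lines (not real server data).
# Lines with A=dovecot_login:... are authenticated SMTP submissions;
# lines with cwd=... are messages injected by a local script via sendmail.
SAMPLE_LOG = """\
2014-07-30 09:00:01 1XCjdL-0001Ab-3Q <= bob@example.com H=(mail) [203.0.113.5] P=esmtpa A=dovecot_login:bob@example.com S=812
2014-07-30 09:00:02 1XCjdM-0001Ac-5R <= bob@example.com H=(mail) [203.0.113.5] P=esmtpa A=dovecot_login:bob@example.com S=815
2014-07-30 09:00:03 1XCjdN-0001Ad-7S <= bob@example.com H=(mail) [198.51.100.7] P=esmtpa A=dovecot_login:bob@example.com S=820
2014-07-30 09:00:04 1XCjdO-0001Ae-9T <= alice@example.com H=(pc) [192.0.2.9] P=esmtpa A=dovecot_login:alice@example.com S=2100
2014-07-30 09:00:05 cwd=/home/example/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-07-30 09:00:06 cwd=/home/example/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-07-30 09:00:07 cwd=/home/example/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-07-30 09:00:08 cwd=/home/example/public_html 3 args: /usr/sbin/sendmail -t -i
"""

LOGIN_RE = re.compile(r"A=dovecot_login:(\S+)")
CWD_RE = re.compile(r"\bcwd=(\S+)")
IP_LOGIN_RE = re.compile(r"\[([0-9.]+)\].*?A=dovecot_login:(\S+)")


def count_dovecot_logins(log_text):
    """Messages accepted per authenticated login (the egrep | sort | uniq -c check)."""
    return Counter(m.group(1) for m in LOGIN_RE.finditer(log_text))


def count_script_cwds(log_text):
    """Messages injected by local scripts, grouped by working directory (the cwd= check)."""
    return Counter(m.group(1) for m in CWD_RE.finditer(log_text))


def ips_per_login(log_text):
    """Distinct client IPs seen per login; many IPs for one mailbox suggests a compromised password."""
    seen = defaultdict(set)
    for m in IP_LOGIN_RE.finditer(log_text):
        seen[m.group(2)].add(m.group(1))
    return seen


def flag_suspicious(counts, threshold):
    """Return (key, count) pairs at or above threshold, busiest first, for follow-up."""
    return [(k, n) for k, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    print("logins:", flag_suspicious(count_dovecot_logins(SAMPLE_LOG), 3))
    print("script dirs:", flag_suspicious(count_script_cwds(SAMPLE_LOG), 3))
    print("ips per login:", dict(ips_per_login(SAMPLE_LOG)))
```

On a real server, read the file contents in place of SAMPLE_LOG and raise the threshold to match normal sending volume for the host.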
