Scan for malicious code on server

Posted on 2004-08-31
Last Modified: 2010-04-22
Hi, one of the users on our server is sending spam from our server through a PHP or CGI script, because in our log it only shows that Apache has sent an email.

How can I find out which user is sending it, or are there some programs or scripts that will allow me to scan for malicious mail-sending scripts?

Thanks
Question by:basara55
14 Comments
 
LVL 5

Expert Comment

by:webtrans
ID: 11941900
First you have to find out which script is sending the email,
then check the log for which IP is requesting this folder.
0
 

Author Comment

by:basara55
ID: 11941918
Well yes, that's the problem I am having. How can I find out? There are a trizillion scripts and users on the server.
0
 
LVL 5

Expert Comment

by:webtrans
ID: 11941939
What server-side scripting languages are available on the server?
0
 

Author Comment

by:basara55
ID: 11941944
PHP, JSP, CGI (Perl)
0
 
LVL 5

Accepted Solution

by:
webtrans earned 672 total points
ID: 11941996
Use this to analyse your Apache log file;
it will give you a clue:
http://awstats.sourceforge.net/
0
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 11947450
The Apache logfile in /var/log will show you which user accessed what by their IP addresses.
0
 
LVL 9

Assisted Solution

by:_GeG_
_GeG_ earned 664 total points
ID: 11947483
Get a spam mail with headers. Now check for the sending date and time. Next check the Apache log for all PHP/CGI/JSP requests a little before this time. Then check which of those scripts can send mail. Last, find the IP for this request and if it is (hopefully) a static IP send it a virus :(
My guess: look in the Apache logs for formmail ;)
0
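The correlation described in the answer above (the spam header's send time matched against script requests logged just before it), as an added example that is not part of the original thread. It assumes Apache's common/combined access log format; the log lines, addresses, paths and header date are constructed samples.

```python
import re
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

# Apache common/combined format: host ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3}'
)
# Handlers named in the thread: PHP, CGI (Perl), JSP
SCRIPT_RE = re.compile(r"\.(php\d?|cgi|pl|jsp)$|/cgi-bin/", re.IGNORECASE)

# Constructed sample data (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Aug/2004:10:14:02 +0200] "GET /~alice/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/Aug/2004:10:15:29 +0200] "POST /~bob/cgi-bin/formmail.pl HTTP/1.0" 200 312',
    '203.0.113.5 - - [31/Aug/2004:10:15:30 +0200] "GET /~carol/gallery.php?id=4 HTTP/1.1" 200 8841',
    '198.51.100.7 - - [31/Aug/2004:10:20:00 +0200] "POST /~bob/cgi-bin/formmail.pl HTTP/1.0" 200 312',
    '192.0.2.10 - - [31/Aug/2004:10:12:00 +0200] "POST /~dave/contact.php HTTP/1.1" 200 100',
]
# Constructed Date header value taken from a spam message.
SAMPLE_MAIL_TIME = parsedate_to_datetime("Tue, 31 Aug 2004 10:15:32 +0200")


def requests_before(log_lines, mail_time, window_seconds=60):
    """Return sorted (time, ip, method, path) tuples for script requests made
    in the window_seconds leading up to mail_time (timezone-aware datetime)."""
    start = mail_time - timedelta(seconds=window_seconds)
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if start <= when <= mail_time and SCRIPT_RE.search(path):
            hits.append((when, m["ip"], m["method"], path))
    return sorted(hits)


if __name__ == "__main__":
    for when, ip, method, path in requests_before(SAMPLE_LOG, SAMPLE_MAIL_TIME):
        print(when.isoformat(), ip, method, path)
```

Widen `window_seconds` if the mail queue delays delivery; the candidates it returns still have to be checked by hand for scripts that can actually send mail.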
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 664 total points
ID: 11982579
find /path/to/files -type f -exec egrep -i 'smtp|telnet|mail|socket' {} \; -print
0
 
LVL 9

Expert Comment

by:_GeG_
ID: 15702239
> This question has been classified as abandoned because there are no comments in the last 21 days.
lol, last post from May 2004

BTW I think my answer provided a usable solution....

0
 
LVL 20

Expert Comment

by:Venabili
ID: 15702436
>>lol, last post from May 2004
Well... it is at least 2004 :)) Not older :)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 15702544
> BTW I think my answer provided a usable solution....
so I do ...
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question