qeng

How to Run CPanel? Scripts to Detect Spamming Scripts on Website

Someone has found a way to insert a spamming script (sends out emails) into one of my Joomla websites.  I'm not sure if they found access through one of the Joomla pages or by accessing the server files directly (sites are run on a VPS).

The server tech support folks suggest running some scripts to help determine the location of the spamming script.

This is not something I've done before and am unsure how to proceed.  I have a VPS account (under which I run several websites).  Only one appears to be affected.

The type of scripts being suggested are shown below.

Are these scripts from the affected domain's CPanel (if so, do I cut and paste them and where?) or from the Root WHM?

Thx
--------------------------
Sample Scripts:

To get a sorted list of email sender in exim mail queue.

==========================================
# exim -bpr | grep "<" | awk '{print $4}' | cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c | sort -n
=================================================================

 Script to check script that will originate spam mails:
==================================================================
# grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n
 
 # awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
 
 # grep 'cwd=/home' /var/log/exim_mainlog | awk '{print $3}' | cut -d / -f 3 | sort -bg | uniq -c | sort -bg
===================================================================

In order to find “nobody” spamming, issue the following command
==================================================================
# ps -C exim -fH ewww | awk '{for(i=1;i<=40;i++){print $i}}' | sort | uniq -c | grep PWD | sort -n
===================================================================

summary of mails in the mail queue.
======================================================
exim -bpr | exiqsumm -c | head
======================================================
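
The `cwd=` tally used in the commands above, as an added example that is not part of the original post or the host's instructions. It assumes exim writes the submitting process's working directory as the third field (`cwd=/home/...`), which is what the quoted commands rely on. The function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank the directories from which mail was handed to exim.
# All log lines below are constructed samples, not from a real server.

sample_log() {
cat <<'EOF'
2014-03-10 10:15:01 cwd=/home/acct1/public_html/components/com_example 3 args: /usr/sbin/sendmail -t -i
2014-03-10 10:15:02 cwd=/home/acct1/public_html/components/com_example 3 args: /usr/sbin/sendmail -t -i
2014-03-10 10:15:03 cwd=/var/spool/exim 3 args: /usr/sbin/exim -q
2014-03-10 10:15:04 cwd=/home/acct2/public_html 3 args: /usr/sbin/sendmail -t -i
2014-03-10 10:15:05 1WMxyz-0001Ab-Cd <= acct1@host.example U=acct1 P=local S=812
2014-03-10 10:15:06 cwd=/home/acct1/public_html/components/com_example 3 args: /usr/sbin/sendmail -t -i
EOF
}

# count_cwd FILE: print "COUNT DIRECTORY" for each cwd=/home/... entry,
# busiest last. Queue runs (cwd=/var/spool/exim) and delivery lines are skipped.
count_cwd() {
    awk '$3 ~ /^cwd=\/home\// { sub(/^cwd=/, "", $3); n[$3]++ }
         END { for (d in n) print n[d], d }' "$1" | sort -n
}

# top_cwd FILE: the single directory with the most submissions.
top_cwd() {
    count_cwd "$1" | tail -n 1 | cut -d ' ' -f 2-
}

# count_accounts FILE: the same tally grouped by account name, i.e. the
# third path component, as `cut -d / -f 3` does in the commands above.
count_accounts() {
    awk '$3 ~ /^cwd=\/home\// { split($3, p, "/"); n[p[3]]++ }
         END { for (a in n) print n[a], a }' "$1" | sort -n
}

# Run against the constructed sample; on a server, pass /var/log/exim_mainlog.
log=$(mktemp)
sample_log > "$log"
echo "Submissions per directory:"; count_cwd "$log"
echo "Submissions per account:";   count_accounts "$log"
echo "Busiest directory: $(top_cwd "$log")"
rm -f "$log"
```

The busiest directory is where to start looking for the script that calls sendmail; a path containing spaces would be cut at the first space because the tally keys on whitespace-separated fields.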
ASKER CERTIFIED SOLUTION
Gary

This solution is only available to members.
qeng

ASKER

Thanks for the sudosu reference Gary.  It is indeed more detailed.

So I gather I run those scripts from the WHM then?  Any links (or examples) you can send me on how to do that?
SOLUTION
This solution is only available to members.
qeng

ASKER

All of my websites are run under a master VPS account (a reseller account I guess).  The WHM gives me access to all of the domains and root level functionality.  I have SSH access (though have never used it).

How do I run/execute the scripts?
SOLUTION
This solution is only available to members.
qeng

ASKER

Gary, thanks for staying with me on this.  Sorry for the newb questions but I have to work my way through this for the first time.

I don't know where (in WHM, or Cpanel) I 'enter' them.  Which function do I invoke which will let me enter those scripts?

ps  I've tried googling instructions on how to do this but most instructions skip this front end stuff, likely assuming readers have some familiarity with running scripts (the instructions tend to describe what the scripts do and various means of accessing the servers, not how to run the scripts).
SOLUTION
This solution is only available to members.
qeng

ASKER

Gary,

Thx for the suggestions.  What I was looking for were instructions akin to the following:


"You need to run the scripts from your VPS console after SSH'ing to your VPS server as root user. The root password of the VPS server is XXXXXXXXX . Please use the details below to SSH to your server on different operating systems:

==
1. To log into your VPS from a Mac:

-Open the Terminal application (Utilities).
-On the command line, enter the SSH command (without the $ sign) followed by your server's name and the user you will log in as (in this case, root):

$ ssh root@12.34.5.678 -p12345

-When prompted, enter your server's root password.

2. To log into your VPS from a Windows machine:

(etc.)

3. To log into your VPS from a Linux distribution, such as Ubuntu:

(etc.)


To exit:

Simply type "exit" on the command line and hit Enter.
==

Now, you can execute the commands as given in the URLs (disregarding all before and including the # character). For example:

==

root@vps [~]# hostname

=="

I was able to run the scripts I needed using those instructions.
qeng

ASKER

Appreciated Gary staying connected.  I kept this open for a few days while I was attempting to resolve the underlying issue on the server.