exim: Check current PHP Script Spam process



This post is useful for system administrators and system engineers who monitor over a hundred servers and want to identify a spamming PHP script on a server immediately.

The following example was written for cPanel with exim4, and you may store it in a .sh file.

The full script is below:

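#!/bin/bash
recipient="admin@example.com"  # placeholder: set your own address
egrep -R "X-PHP-Script"  /var/spool/exim/input/*|awk '{print $2}'|sort|uniq -c|sort -nr|awk '{if ($1 >=10) print $1, $2}'> spam.txt

a=`sed -n '$=' spam.txt`  # number of lines in spam.txt (empty if none)

if [ "${a:-0}" -gt 0 ]
then
  cat spam.txt | mail -s "Spam Detection `hostname`" "$recipient"
fi

rm -f spam.txt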


Line 2 – Define the recipient.
Line 3 – Search the exim spool folder for the keyword ‘X-PHP-Script’ and print only the entries that appear 10 times or more.
Lines 5-10 – If any results exist, email them to the recipient.
Line 12 – Remove the temporary file.
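
The same count can be done without a temporary file and without relying on a fixed awk column. The following is an added example, not part of the original script: it reads only the spool header files (names ending in -H), takes the value that follows the X-PHP-Script header name, and applies the threshold. The function names, the sample hostnames and the spool contents are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post.
# php_mail_scripts SPOOL_DIR [THRESHOLD] prints "count script" for every
# X-PHP-Script value seen in at least THRESHOLD queued messages (default 10).
php_mail_scripts() {
    # Only header files (*-H) are read; *-D body files are skipped.
    find "$1" -type f -name '*-H' -exec cat {} + 2>/dev/null |
    awk -v min="${2:-10}" '
        {
            # Accept the header name as field 1 or 2 (it follows the spool
            # length prefix), so a Subject that merely mentions it is ignored.
            for (i = 1; i <= 2 && i < NF; i++)
                if ($i == "X-PHP-Script:") { count[$(i + 1)]++; break }
        }
        END { for (s in count) if (count[s] >= min) print count[s], s }
    ' | sort -k1,1nr -k2
}

# Constructed sample spool (not real queue data; length prefixes are
# illustrative): three messages from one script, one from another, and a
# body file that must not be counted. Prints the temporary directory path.
make_sample_spool() {
    local d i
    d=$(mktemp -d) || return 1
    mkdir -p "$d/a" "$d/b"
    for i in 1 2 3; do
        printf '%s\n' '038  Date: Fri, 11 May 2001 10:28:59 +0100' \
            '049  X-PHP-Script: shop.example/wp-content/x.php for 192.0.2.10' \
            > "$d/a/msg$i-H"
    done
    printf '%s\n' '045  X-PHP-Script: blog.example/contact.php for 192.0.2.20' \
        '040  Subject: about X-PHP-Script: headers' > "$d/b/msg4-H"
    printf '%s\n' 'X-PHP-Script: body.example/ignored.php' > "$d/b/msg4-D"
    printf '%s\n' "$d"
}

# Cron usage, with mail and $recipient as in the script above:
#   out=$(php_mail_scripts /var/spool/exim/input 10)
#   [ -n "$out" ] && printf '%s\n' "$out" | mail -s "Spam Detection $(hostname)" "$recipient"
```
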

Published by

Mick Genie

Mick Genie is the founder of MickGenie.com and works at ExaBytes Network Sdn Bhd and the WPWebHost web hosting company. He has expertise in Windows and Linux environments, especially web hosting related information, tips and tricks, as well as IT information.