Categories: Hostripples Featured

Finding Spam Scripts on cPanel

 

If a server is sending lots of spam, and no one knows why, there is a chance that the cause is a malicious script somewhere on the server. It can be a little tricky to locate such a script, but here’s a trick that should help.

Log into WHM with root and the root password of the server.
Click on “Exim Configuration Editor” under “Service Configuration”.
Click on the box at the top that says “Switch to Advanced Mode (Edit Raw Configuration File)”.
Paste this into the top box:

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

That line is pretty long, be sure to copy all of it and realize it may span beyond your browser’s window. Most web browsers should allow you to “triple click” in the above field and copy all of the text to your clip board but if not simply place your mouse on the far left of “log_selector” and drag the mouse to your right until you have “+tls_peerdn” highlighted.

Once you’ve copied that into the Exim editor box, scroll all the way down and click the little “Save” button.

Now you’re done in WHM. You can close out of the window, or leave it open if you plan on coming back to remove your addition to the Exim.conf. This change will slow Exim a little, so if you have a busy mailserver it’s best to remove this modification when you’re done.

Login to the server via ssh.

Watch the outgoing message log to see what directory messages are being sent from. This command works wonders:

tail -f /var/log/exim_mainlog | grep cwd

Note: cwd stands for current working directory.
This is quite normal: cwd=/var/spool/exim
This warrants investigation, but might be legit: cwd=/tmp
This is generally bad: cwd=/home/h4x0r/public_html/forums/tmp


Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.

Recent Posts

Shared Hosting: Migrating Your Site Seamlessly

If you’re new to web hosting, the idea of moving your website from one provider to another might sound intimidating.…

3 days ago

Top 15 WooCommerce Plugins to Power Your eCommerce Store in 2025

WooCommerce powers over 5 million online stores, and its true potential comes alive with plugins that enhance functionality. The right…

4 days ago

Explore the WordPress Theme Editor: Customization Made Easy

When you first launch a WordPress website, it comes with a theme that controls how your site looks and feels.…

2 weeks ago

Make in India, Make for the World: How Hostripples Empowers Modi’s Vision

Introduction Prime Minister Narendra Modi’s clarion call — “Make in India, Make for the World” — is not just a…

3 weeks ago

AI – Powered Customer Support in Hosting: Chatbots & Virtual Assistants

Customer support has always been the backbone of the web hosting industry. From helping users set up domains to troubleshooting…

1 month ago