Posted by & filed under Server Admin.

I had to deal with a malicious script that was inserted into a website today and was sending out spam. Typically I have a few tools I run, but I couldn't locate this particular infection, so it was time to take another angle: the Exim logs. When Exim's log_selector includes +arguments (cPanel's stock configuration does), every local sendmail invocation is logged together with the caller's working directory in a cwd= field. The pipeline below tallies those directories, skipping /var/spool (cron jobs and Exim's own spool), so the directories doing the most sending rise to the bottom of the list and the set of suspects narrows substantially.

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
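As an added example (not from the original post), the same tally as a small script with the pipeline wrapped in functions and run against a few constructed exim_mainlog lines, so it can be tried offline before pointing it at a real log. The paths, dates and message IDs in the sample are made up; the cwd=... N args: ... line shape is what Exim writes when +arguments is in log_selector.

```sh
#!/bin/sh
# Added example, not code from the original post. Tallies Exim "cwd=" log
# lines by working directory to find which script directory is sending mail.

# Constructed sample of exim_mainlog lines (paths and IDs are made up).
# The "cwd=... N args: ..." lines come from log_selector +arguments; the "<="
# line is an ordinary message-arrival line and carries no cwd= field.
SAMPLE_LOG=$(cat <<'EOF'
2024-05-01 10:00:01 cwd=/home/example/public_html/wp-content/uploads/2024 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:01 1s1AbC-0001Xy-Zz <= www-data@example.test U=example P=local S=2048
2024-05-01 10:00:02 cwd=/home/example/public_html/wp-content/uploads/2024 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:03 cwd=/home/example/public_html 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:04 cwd=/var/spool/cron 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:05 cwd=/home/example/public_html/wp-content/uploads/2024 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:06 cwd=/var/spool/exim 3 args: /usr/sbin/sendmail -oem -oi -f <> -E1s1AbC-0001Xy-Zz
EOF
)

# cwd_counts LOGFILE
# Prints "count directory" for every cwd= value outside /var/spool,
# least frequent first (same output shape as the one-liner above).
cwd_counts() {
    grep 'cwd=' "$1" | grep -v '/var/spool' \
        | awk -F'cwd=' '{print $2}' | awk '{print $1}' \
        | sort | uniq -c | sort -n
}

# top_cwd LOGFILE
# Prints only the busiest directory: the first place to look for a mailer.
top_cwd() {
    cwd_counts "$1" | tail -n 1 | awk '{print $2}'
}

# distinct_cwd_count LOGFILE
# Prints how many distinct sending directories survived the /var/spool filter.
distinct_cwd_count() {
    cwd_counts "$1" | wc -l | tr -d ' '
}

# Write the constructed sample to a temp file and run the tally on it.
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '%s\n' "$SAMPLE_LOG" > "$SAMPLE_FILE"

cwd_counts "$SAMPLE_FILE"
echo "Prime suspect: $(top_cwd "$SAMPLE_FILE")"
```

Against the sample, the two /var/spool lines drop out and the uploads directory wins with three sends to one for the site root. On a real server, replace the temp file with /var/log/exim_mainlog; a high count in a web-writable location such as an uploads directory is the lead to follow, and the matching args: portion of each line shows exactly how sendmail was invoked.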
