Which php script is spamming?
Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. eminos
  2. Saturday, 16 September 2017
  3.  Subscribe via email
I can see that one specific user is trying to send a lot of spam mail. And I can see that a lsphp process of that user is using a lot of cpu. How do I figure out which php script is being executed?

htop only shows "lsphp", not which script it's executing.
Rate this post:
  1. 19.09.2017 11:09:25
  2. # 1
Igor Ghertesco Accepted Answer
Posts: 154
Joined: 07.08.2015
0
Votes
Undo
Hello,

While running "top", you can press "c" key, this will show the full command line for the process.
  1. 19.09.2017 16:09:46
  2. # 2
eminos Accepted Answer
Posts: 10
Joined: 07.10.2012
0
Votes
Undo
Hmm. You are right. It actually shows the full script path with "top".
Is there a way to get it to work with "htop"?
  1. 19.09.2017 16:09:24
  2. # 3
eminos Accepted Answer
Posts: 10
Joined: 07.10.2012
0
Votes
Undo
It actually does seem to work with htop as well. I don't know why I didn't see it before.

Is there a better way to find spam sending scripts?
Imunify360 Malware scanner doesn't seem to catch it.
  1. 20.09.2017 10:09:41
  2. # 4
Igor Ghertesco Accepted Answer
Posts: 154
Joined: 07.08.2015
0
Votes
Undo
There is no exact instruction, but you can refer, for example, to this article: http://www.inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim

Imunify360 should handle such situations as well, so if it does not, please submit a ticket to https://cloudlinux.zendesk.com, we will check it
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.