Hi, To find the spam mail source from you application. first check the email content from the mail queue. postcat -q queue ID.
check the origin section, then you can see the location of php file. or it is better to scan the application using malware scanning tool like maldect. maldect is a good tool. https://www.rfxn.com/projects/linux-malware-detect/ http://www.woktron.com/secure/knowledgebase/145/Installation-Linux-Malware-Detect-Maldet-On-CentOS.html http://www.2daygeek.com/install-linux-malware-detect-lmd-on-ubuntu-centos-debian-fedora-mint-rhel-opensuse/# Thank you On Wed, Feb 17, 2016 at 10:24 AM, JeevZ <[email protected]> wrote: > Hello, > > This is an offtopic, a help seeking message. > > We have done a project on OpenCart which is residing in our VPS. Somehowm > one malicious script is creating Spam Emails. We have found out that php > file and cleared it. But this repeats again and dynamically such spam > sending scripts are being generated. This makes entire vps server fail and > other serious problems. > > We have inspected for base64 encryption and other normal method find such > malicious code but none to find. We have changed passwords several times > but still the issue persists. > > > Is there any one here who has some experience on this ? the problem is we > cannot locate which files creates spam sending scripts dynamically. > > > please help > > > thank you > > > ** > Jai Bhim > -- JeevZ -- > > *Jeevachaithanyan Sivanandan > +919446196667 > http://jeevanism.wordpress.com/ > -- I Take Refuge On The Enlightened Wisdom -- > -- ബുദ്ധം,ധർമം, സംഘം ശരണം ഗച്ഛാമി -- > * > > > > > > > > This email has been sent from a virus-free computer protected by Avast. > www.avast.com <https://www.avast.com/sig-email> > <#-1023183722_DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > -- > -- > "Freedom is the only law". > "Freedom Unplugged" > http://www.ilug-tvm.org > > You received this message because you are subscribed to the Google > Groups "ilug-tvm" group. > To control your subscription visit > http://groups.google.co.in/group/ilug-tvm/subscribe > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > > > > For details visit the google group page: > http://groups.google.com/group/ilug-tvm?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "Free Software Users Group, Thiruvananthapuram" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- "Freedom is the only law". "Freedom Unplugged" http://www.ilug-tvm.org You received this message because you are subscribed to the Google Groups "ilug-tvm" group. To control your subscription visit http://groups.google.co.in/group/ilug-tvm/subscribe To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For details visit the google group page: http://groups.google.com/group/ilug-tvm?hl=en --- You received this message because you are subscribed to the Google Groups "Free Software Users Group, Thiruvananthapuram" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
