On Sep 27, 2005, at 9:52 AM, Clayton Weise wrote:
> I know this is way off topic, but there are a lot of really smart
> people on this list so I'm hoping to get some ideas here. I've got a web
> server that has some kind of formmail-esque script that is being
> horribly abused but I can't find it. The server (shut down qmail-send
> on it for now) is spewing out messages by the hundreds, if not
> thousands, and I can't seem to center down on which site has the
> offending script. Again, it's pretty off topic but I'm just looking
> for some help here... please.

Assuming you're running VirtualHosts with apache, here's what I've done
in a similar situation.

If your directory structure works for this, you can look at all of the
access logs for your virtual hosts:

    ls -l */*/logs/access_log

Run it once, and dump to a file. Run it again a few minutes later and
dump to a file. Do a diff -u on the file and you'll only see sites
getting hits. Look for the ones with fast-growing log files, and then
manually examine those logs. Note that you might need to look at the
error_log as well, as there might be a script that generates an error
yet still sends the email.

If your directory structure isn't organized well enough to find all the
access_log files, you'll have to write a script that goes through your
apache configuration files looking for the TransferLog (or ErrorLog)
setting, and check the size of the log.

Another quick idea is to run `locate formmail` and `locate FormMail` to
spot some quick possibilities.

Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
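
The two-snapshot comparison from the reply above, as an added shell example that is not part of the original message: it reads TransferLog, ErrorLog and also CustomLog paths from the Apache configuration files, records each log's size twice, and lists the logs that grew, largest first. It assumes absolute log paths without spaces; the function names and the config path in the usage comment are illustrative.

```shell
#!/bin/sh
# Usage (illustrative path): sh log_growth.sh 300 /etc/httpd/conf/*.conf

# Print each log path named by a TransferLog, CustomLog or ErrorLog
# directive in the given config files. Piped loggers and syslog targets
# are skipped because they have no file size to compare.
list_logs() {
    awk 'tolower($1) ~ /^(transferlog|customlog|errorlog)$/ {
             p = $2; gsub(/"/, "", p)
             if (p !~ /^\|/ && p !~ /^syslog/) print p
         }' "$@" | sort -u
}

# Read log paths on stdin, write "size path" for each file that exists.
snapshot() {
    while IFS= read -r f; do
        [ -f "$f" ] && printf '%s %s\n' "$(wc -c < "$f" | tr -d ' ')" "$f"
    done
    return 0
}

# Compare two snapshot files, print "bytes_grown path", largest first.
growth() {
    awk 'FILENAME == ARGV[1] { before[$2] = $1; next }
         ($2 in before) { d = $1 - before[$2]; if (d > 0) print d, $2 }' \
        "$1" "$2" | sort -rn
}

# Take a snapshot, wait, take another, report which logs grew.
main() {
    interval=$1; shift
    tmp=$(mktemp -d) || exit 1
    list_logs "$@" | snapshot > "$tmp/first"
    sleep "$interval"
    list_logs "$@" | snapshot > "$tmp/second"
    growth "$tmp/first" "$tmp/second"
    rm -rf "$tmp"
}

if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

The virtual hosts at the top of the output are the ones whose access_log and error_log are worth reading by hand first.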