>Run it once, and dump to a file. Run it again a few minutes later and
>dump to a file. Do a diff -u on the file and you'll only see sites
Tried something similar but the interesting thing is that it isn't
getting a lot of hits but the messages that go out have a TON of
recipients. One message might have 500 RCPT TO's in it, but it only
gets tagged as one hit to the page.
From: Tom Collins [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 10:15 AM
Subject: Re: [vchkpw] OT, but abuse related
Assuming you're running VirtualHosts with apache, here's what I've done
in a similar situation.
If your directory structure works for this, you can look at all of the
access logs for your virtual hosts:
ls -l */*/logs/access_log
Run it once, and dump to a file. Run it again a few minutes later and
dump to a file. Do a diff -u on the file and you'll only see sites
getting hits. Look for the ones with fast-growing log files, and then
manually examine those logs. Note that you might need to look at the
error_log as well, as there might be a script that generates an error
yet still sends the email.
If your directory structure isn't organized well enough to find all the
access_log files, you'll have to write a script that goes through your
apache configuration files looking for the TransferLog (or ErrorLog)
setting, and check the size of the log.
Another quick idea is to run `locate formmail` and `locate FormMail` to
spot some quick possibilities.
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/