>Run it once, and dump to a file.  Run it again a few minutes later and 
>dump to a file.  Do a diff -u on the file and you'll only see sites 
>getting hits. 

Tried something similar but the interesting thing is that it isn't
getting a lot of hits but the messages that go out have a TON of
recipients.  One message might have 500 RCPT TO's in it, but it only
gets tagged as one hit to the page.

-----Original Message-----
From: Tom Collins [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 27, 2005 10:15 AM
To: vchkpw@inter7.com
Subject: Re: [vchkpw] OT, but abuse related

Assuming you're running VirtualHosts with apache, here's what I've done 
in a similar situation.

If your directory structure works for this, you can look at all of the 
access logs for your virtual hosts:

ls -l */*/logs/access_log

Run it once, and dump to a file.  Run it again a few minutes later and 
dump to a file.  Do a diff -u on the file and you'll only see sites 
getting hits.  Look for the ones with fast-growing log files, and then 
manually examine those logs.  Note that you might need to look at the 
error_log as well, as there might be a script that generates an error 
yet still sends the email.

If your directory structure isn't organized well enough to find all the 
access_log files, you'll have to write a script that goes through your 
apache configuration files looking for the TransferLog (or ErrorLog) 
setting, and check the size of the log.

Another quick idea is to run `locate formmail` and `locate FormMail` to 
spot some quick possibilities.

Good luck.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
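
Added example, not part of the original thread: one way to write the script Tom describes, which reads the Apache configuration for TransferLog, CustomLog and ErrorLog settings, snapshots each log's size, and reports which logs grew between two snapshots. The SERVER_ROOT variable, the function names and the sample vhosts are assumptions made for illustration.

```shell
# Added example, not from the thread. SERVER_ROOT and the function names are
# assumptions; log paths containing spaces are not handled.

# Print each file named by a TransferLog, CustomLog or ErrorLog directive.
# Piped ("|prog") and syslog targets are skipped; relative paths are
# resolved against SERVER_ROOT.
list_logs() {
    awk -v root="${SERVER_ROOT:-/etc/httpd}" '
        tolower($1) ~ /^(transferlog|customlog|errorlog)$/ {
            p = $2; gsub(/"/, "", p)
            if (p ~ /^\|/ || p ~ /^syslog/) next
            if (p !~ /^\//) p = root "/" p
            print p
        }' "$@" | sort -u
}

# Write "bytes<TAB>path" for each configured log that exists right now.
snapshot() {
    list_logs "$@" | while IFS= read -r f; do
        if [ -f "$f" ]; then
            printf '%s\t%s\n' "$(wc -c < "$f" | tr -d ' ')" "$f"
        fi
    done
}

# Compare two snapshots: print "bytes_added<TAB>path", fastest-growing first.
growth() {
    awk -F'\t' 'FILENAME == ARGV[1] { old[$2] = $1; next }
                $1 > old[$2] + 0 { print $1 - old[$2] "\t" $2 }' "$1" "$2" |
        sort -rn
}

# Constructed sample: two vhosts, only "b" receives a request between snapshots.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/a/logs" "$d/b/logs"
    : > "$d/a/logs/access_log"; : > "$d/b/logs/access_log"
    printf 'TransferLog %s/a/logs/access_log\n' "$d" > "$d/a.conf"
    printf 'CustomLog "%s/b/logs/access_log" combined\nErrorLog "|/bin/cat"\n' "$d" > "$d/b.conf"
    snapshot "$d"/*.conf > "$d/snap1"
    printf 'POST /cgi-bin/formmail.pl\n' >> "$d/b/logs/access_log"
    snapshot "$d"/*.conf > "$d/snap2"
    growth "$d/snap1" "$d/snap2" | sed "s|$d/||"
    rm -rf "$d"
}
demo
```

On a real server, run snapshot against the vhost configuration files twice, a few minutes apart, and pass the two output files to growth.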
