Clayton Weise wrote:
>> Run it once, and dump to a file. Run it again a few minutes later
>> and dump to a file. Do a diff -u on the file and you'll only see
>> sites getting hits.
> Tried something similar but the interesting thing is that it isn't
> getting a lot of hits but the messages that go out have a TON of
> recipients. One message might have 500 RCPT TO's in it, but it only
> gets tagged as one hit to the page.
Grep the Apache logs for POST. The referrer will often be left blank, which
makes them easy to spot.
> -----Original Message-----
> From: Tom Collins [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 27, 2005 10:15 AM
> To: firstname.lastname@example.org
> Subject: Re: [vchkpw] OT, but abuse related
> Assuming you're running VirtualHosts with apache, here's what I've
> done in a similar situation.
> If your directory structure works for this, you can look at all of
> the access logs for your virtual hosts:
> ls -l */*/logs/access_log
> Run it once, and dump to a file. Run it again a few minutes later
> and dump to a file. Do a diff -u on the file and you'll only see
> sites getting hits. Look for the ones with fast-growing log files,
> and then manually examine those logs. Note that you might need to
> look at the error_log as well, as there might be a script that
> generates an error yet still sends the email.
> If your directory structure isn't organized well enough to find all
> the access_log files, you'll have to write a script that goes through
> your apache configuration files looking for the TransferLog (or
> ErrorLog) setting, and check the size of the log.
> Another quick idea is to run `locate formmail` and `locate FormMail`
> to spot some quick possibilities.
> Good luck.
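
The blank-referrer POST check suggested in the reply at the top of this message, as an added example that is not part of the original thread. It assumes the access logs use Apache's "combined" LogFormat; the function names, sample paths and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Apache "combined" LogFormat.

# Print "count URL client" for POST requests logged with an empty Referer,
# busiest first. Reads the files given as arguments, or stdin if none.
blank_referer_posts() {
    # Split on double quotes: $1 = client/date prefix, $2 = request line,
    # $4 = Referer. Lines with fewer than 7 fields are not combined format
    # (the common format has no Referer field) and are skipped.
    awk -F'"' '
        NF < 7 { next }
        {
            split($2, req, " ")            # req[1] = method, req[2] = URL
            if (req[1] != "POST") next
            if ($4 != "-" && $4 != "") next
            split($1, pre, " ")            # pre[1] = client address
            sub(/\?.*/, "", req[2])        # group by script, ignore query
            count[req[2] " " pre[1]]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample log lines (documentation addresses, made-up paths).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [27/Sep/2005:10:01:02 -0700] "POST /cgi-bin/contact.cgi HTTP/1.0" 200 312 "-" "-"
192.0.2.10 - - [27/Sep/2005:10:01:05 -0700] "POST /cgi-bin/contact.cgi HTTP/1.0" 200 312 "-" "-"
192.0.2.10 - - [27/Sep/2005:10:01:09 -0700] "POST /cgi-bin/contact.cgi?x=1 HTTP/1.0" 200 312 "-" "-"
198.51.100.7 - - [27/Sep/2005:10:02:00 -0700] "POST /cgi-bin/contact.cgi HTTP/1.1" 200 298 "http://www.example.com/contact.html" "Mozilla/4.0"
198.51.100.7 - - [27/Sep/2005:10:02:10 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
203.0.113.5 - - [27/Sep/2005:10:03:00 -0700] "POST /guestbook.php HTTP/1.0" 200 120 "-" "-"
EOF
}

# Demo on the sample; on a real host pass the log files instead, e.g. the
# */*/logs/access_log glob from the quoted message.
sample_log | blank_referer_posts
```

Because each POST is one log line no matter how many recipients the resulting message carries, a low count here can still matter; the output narrows which script and client to examine by hand.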