Clayton Weise wrote:
>> Run it once, and dump to a file.  Run it again a few minutes later
>> and dump to a file.  Do a diff -u on the file and you'll only see
>> sites getting hits.
> 
> Tried something similar but the interesting thing is that it isn't
> getting a lot of hits but the messages that go out have a TON of
> recipients.  One message might have 500 RCPT TO's in it, but it only
> gets tagged as one hit to the page.   
> 

Grep the apache logs for POST. The referrer will often be left blank and
makes them easy to spot.


> -----Original Message-----
> From: Tom Collins [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 27, 2005 10:15 AM
> To: vchkpw@inter7.com
> Subject: Re: [vchkpw] OT, but abuse related
> 
> Assuming you're running VirtualHosts with apache, here's what I've
> done in a similar situation. 
> 
> If your directory structure works for this, you can look at all of
> the access logs for your virtual hosts: 
> 
> ls -l */*/logs/access_log
> 
> Run it once, and dump to a file.  Run it again a few minutes later
> and dump to a file.  Do a diff -u on the file and you'll only see
> sites getting hits.  Look for the ones with fast-growing log files,
> and then manually examine those logs.  Note that you might need to
> look at the error_log as well, as there might be a script that
> generates an error yet still sends the email.     
> 
> If your directory structure isn't organized well enough to find all
> the access_log files, you'll have to write a script that goes through
> your apache configuration files looking for the TransferLog (or
> ErrorLog) setting, and check the size of the log.   
> 
> Another quick idea is to run `locate formmail` and `locate FormMail`
> to spot some quick possibilities. 
> 
> Good luck.



Reply via email to