There is an easy way to find spammer PHP scripts under your home path. DirectAdmin logs these spammer scripts, which send mail using phpmailer or similar tools. To find them:
- Go to your home path
cd /home
- Find your log files
find ./ -type f -size +1k -name "php-mail.log"
After this find operation, you can see your log files. Users that have this log file could be potential spammers.
- Follow your log file with tail -f.
tail -f /home/user/.php/php-mail.log
- You can see the spammer scripts.
mail() on [/home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php(1947) : eval()'d code:775]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 15:51:47 +0300 From: Flora <user@domain.com.tr> Message-ID: <3f796c9fb6de893f060882897f360bea@domain.com.tr> X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_3f796c9fb6de893f060882897f360bea" Content-Transfer-Encoding: 8bit
- Remove this piece of shit.
rm /home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php
You can easily get rid of these spammer scripts using this method. Don't forget to clear your mail queue after this operation.
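
The same check run over a whole log instead of reading the tail by eye, as an added example that is not part of the original post: it counts mail() calls per calling script and flags callers that ran from eval()'d code, like the files.php entry above. The function names and the contact.php entry in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a php-mail.log by calling script.
# Output columns: count <TAB> EVAL|- <TAB> script path, busiest script first.
summarize_php_mail_log() {
    awk '
        /mail\(\) on \[/ {
            src = $0
            sub(/^.*mail\(\) on \[/, "", src)   # drop everything up to the caller
            sub(/\]: To: .*/, "", src)          # drop recipient and headers
            if (src ~ /eval\(\).d code/)        # mail() was called from eval()
                evald[src_file(src)] = 1
            count[src_file(src)]++
        }
        # "file.php(1947) : eval()... code:775" or "file.php:42" -> "file.php"
        function src_file(s) {
            sub(/\([0-9]+\) : eval\(\).*/, "", s)
            sub(/:[0-9]+$/, "", s)
            return s
        }
        END {
            for (s in count)
                printf "%d\t%s\t%s\n", count[s], ((s in evald) ? "EVAL" : "-"), s
        }
    ' "$1" | sort -rn
}

# Constructed sample log: three eval() senders as in the post, one plain caller.
sample_php_mail_log() {
    cat <<'EOF'
mail() on [/home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php(1947) : eval()'d code:775]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 15:51:47 +0300
mail() on [/home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php(1947) : eval()'d code:775]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 15:51:49 +0300
mail() on [/home/user/domains/domain.com.tr/public_html/modules/mod_users_latest/files.php(1947) : eval()'d code:775]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 15:51:52 +0300
mail() on [/home/user/domains/domain.com.tr/public_html/contact.php:42]: To: user@hotmail.com -- Headers: Date: Sat, 28 Jan 2017 16:02:10 +0300
EOF
}

# When log paths are given as arguments, summarise each of them.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        echo "== $f"
        summarize_php_mail_log "$f"
    done
fi
```

Saved as a script, it can be given the paths printed by the find command above. A script with a high count or an EVAL flag is the one to inspect before removing it.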