Friday, April 12, 2013

HOW-TO: finding “Nobody” spammer

In this how-to we replace the sendmail binary with a small wrapper script. PHP hands outgoing mail to sendmail, so a spammer's script ends up calling the wrapper instead; the wrapper records who is sending (client IP, script path and vhost for web requests, or working directory and account for shell runs) in a log file and then passes the message on to the real sendmail, which we rename first.

After installation check /var/log/formmail.log to find spammer activity.
Installation:

Note: take a backup before moving the file, so that nothing is lost if a step goes wrong.
mv /usr/sbin/sendmail /usr/sbin/sendmail.act

vim /usr/sbin/sendmail (paste the script below into it)
chmod +x /usr/sbin/sendmail
echo > /var/log/formmail.log
chmod 777 /var/log/formmail.log

————————————————————————


#!/usr/bin/perl
# Wrapper installed as /usr/sbin/sendmail: logs who is sending, then hands the
# message to the real binary, which was renamed to /usr/sbin/sendmail.act.
use strict;
use warnings;
# Import only the environment variables we need, so they are declared under
# strict even when the caller (cron or a shell) has not set them.
use Env qw(REMOTE_ADDR SCRIPT_NAME SERVER_NAME PWD);

my $date = scalar localtime;   # same information as `date`, without a fork
open(my $log, '>>', '/var/log/formmail.log')
    or die "Failed to open file ::$!";

# Effective uid of the caller: the web server user or, with suPHP, the account.
my $uid  = $>;
my @info = getpwuid($uid);

if ($REMOTE_ADDR) {
    # Called from a web request: record client IP, script path and vhost.
    print $log "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME\n";
}
else {
    # Called from the shell or cron: record working directory and passwd entry.
    print $log "$date - $PWD - @info\n";
}

my $mailprog = '/usr/sbin/sendmail.act';
# List-form open passes the original arguments through without a shell, so
# quoting in -f or recipient arguments cannot alter the command line.
open(my $mail, '|-', $mailprog, @ARGV)
    or die "cannot open $mailprog: $!\n";
while (<STDIN>) {
    print $mail $_;
}
close($log);
close($mail);


————————————————————————
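Once the wrapper has been running for a while, /var/log/formmail.log has to be summarised to find the script that is actually sending. The following Python program is an added example, not part of the original post; it parses both line shapes the wrapper writes (the web-request form and the shell form, accepting either a hyphen or an en dash as separator) and ranks the busiest scripts, client IPs and shell users. The log lines embedded in it are constructed for the example; the path /var/log/formmail.log is the one the post uses.

```python
#!/usr/bin/env python3
"""Summarise the entries that the sendmail wrapper writes to /var/log/formmail.log."""
import re
import sys
from collections import Counter

# The wrapper writes two line shapes:
#   <date> - <client ip> ran <script> at <vhost>
#   <date> - <working dir> - <getpwuid fields>
# The date never contains " - ", so a non-greedy match up to the first
# separator is safe. Copies of the script that passed through a word processor
# log an en dash instead of a hyphen, so both are accepted.
SEP = r"\s[-\u2013]\s"
WEB_RE = re.compile(rf"^(?P<date>.+?){SEP}(?P<ip>\S+) ran (?P<script>\S+) at (?P<vhost>\S+)\s*$")
CLI_RE = re.compile(rf"^(?P<date>.+?){SEP}(?P<pwd>\S+){SEP}(?P<pw>.*)$")

# Constructed sample log (not real data): one legitimate contact form, a
# script dropped into an uploads directory, a shell run by an account and a
# shell run as "nobody" logged with an en dash, plus a line that never matches.
SAMPLE_LOG = (
    "Fri Apr 12 10:01:02 2013 - 203.0.113.7 ran /contact.php at example.com\n"
    "Fri Apr 12 10:01:03 2013 - 203.0.113.7 ran /wp-content/uploads/x.php at example.com\n"
    "Fri Apr 12 10:01:04 2013 - 203.0.113.7 ran /wp-content/uploads/x.php at example.com\n"
    "Fri Apr 12 10:02:00 2013 - 198.51.100.9 ran /wp-content/uploads/x.php at example.com\n"
    "Fri Apr 12 10:05:00 2013 - /home/bob/public_html - bob x 1001 1001  Bob /home/bob /bin/bash\n"
    "Fri Apr 12 10:06:00 2013 \u2013 /var/tmp \u2013 nobody x 99 99  Nobody / /sbin/nologin\n"
    "garbage line that the wrapper never wrote\n"
)


def parse_line(line):
    """Return a dict describing one log line, or None if it matches neither shape."""
    m = WEB_RE.match(line)
    if m:
        return {"kind": "web", **m.groupdict()}
    m = CLI_RE.match(line)
    if m:
        d = m.groupdict()
        # getpwuid() is interpolated as a space-joined list whose first field
        # is the account name: name passwd uid gid quota comment gcos dir shell
        fields = d.pop("pw").split()
        d["user"] = fields[0] if fields else "?"
        return {"kind": "cli", **d}
    return None


def summarise(lines, top=5):
    """Count senders; return the busiest (vhost, script) pairs, client IPs and shell users."""
    scripts, ips, users = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line.rstrip("\n"))
        if rec is None:
            continue
        if rec["kind"] == "web":
            scripts[(rec["vhost"], rec["script"])] += 1
            ips[rec["ip"]] += 1
        else:
            users[(rec["user"], rec["pwd"])] += 1
    return {
        "scripts": scripts.most_common(top),
        "ips": ips.most_common(top),
        "users": users.most_common(top),
    }


def report(result):
    """Render the summary as the kind of table one would paste into a ticket."""
    out = []
    for title, key in (("Scripts", "scripts"), ("Client IPs", "ips"), ("Shell users", "users")):
        out.append(f"== {title} ==")
        for item, n in result[key]:
            out.append(f"{n:6d}  {item}")
    return "\n".join(out)


if __name__ == "__main__":
    # With no argument, summarise the constructed sample; otherwise the given file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(report(summarise(fh)))
    else:
        print(report(summarise(SAMPLE_LOG.splitlines())))
```

Run it as `python3 formmail_summary.py /var/log/formmail.log`; the script that tops the "Scripts" table with an unexpected path (an uploads directory, a theme folder) is usually the one to pull, and the "Shell users" table shows which account, or the "nobody" user, sent mail outside a web request.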
