Find Track Down That Filthy Spammer AND BLOCK THEM!

What You Will Learn Here

  1. How to get a list of scripts that are emailing on your server.
  2. Get the IP address of the spammer
  3. Block the IP address

Log Into Your Server

Log into your server via SSH. These are terminal commands and cannot be performed from your cPanel or WHM. If you want to track and kill a spammer you have to be better at the game than he is.

Step one: enter this command into your terminal.

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

You will get back something like this:

15 /home/username1/public_html/about-us
25 /home/username2/public_html
12324 /home/username3/public_html/data

We see that username3 has more emails than all the others. In fact, it's ridiculous!

Enter this command to see what scripts are in that directory.

ls -lahtr /home/username3/public_html/data

We get back something like this.

drwxr-xr-x 17 username3 username3 4.0K Jan 20 10:25 ../
-rw-r--r-- 1 username3 username3 5.6K Jan 20 11:27 mailer.php
drwxr-xr-x 2 username3 username3 4.0K Jan 20 11:27 ./

Look at the dirty little script called mailer.php in the directory! To verify that it is a mailer script you can nano into it.

nano /home/username3/public_html/data/mailer.php

This just lets you look inside that file and see what is going on there. If you see a mailer script in there you know that is the problem. You can edit that file and make it useless to the spammer.

Now that we know that this mailer.php script was the culprit we can access our Apache logs and see what IP address was accessing it.

grep "mailer.php" /home/username3/access-logs/example.com | awk '{print $1}' | sort -n | uniq -c | sort -n

You will get back a list like this.


You can plainly see that IP address was the IP address accessing that script to email spam. Block the SOB by entering this into your terminal, with the offending address in place of IP_ADDRESS.

apf -d IP_ADDRESS "Spamming from script in /home/username3/public_html/data"
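
The two log searches above as one script, added here as an example and not part of the original article: it counts exim cwd= entries per directory, flags directories over a threshold, and counts client IPs by the request path field of the access log instead of a bare grep. The function names, the threshold of 20 and every sample log line are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Every log line is constructed.

# Mail submissions per working directory, skipping exim's own spool.
count_cwd() {   # $1 = exim main log
    awk '{ for (i = 1; i <= NF; i++)
             if ($i ~ /^cwd=/ && $i !~ /^cwd=\/var\/spool/) print substr($i, 5) }' "$1" |
        sort | uniq -c | sort -n | awk '{ print $1, $2 }'
}

# Directories with at least $2 submissions.
noisy_dirs() {  # $1 = exim main log, $2 = threshold
    count_cwd "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Requests per client IP whose request path (field 7 of the combined log
# format) ends in /$2. A bare grep for the name also counts referers.
script_clients() {  # $1 = access log, $2 = script file name
    awk -v s="/$2" '{ split($7, p, "[?]"); path = p[1]
                      if (substr(path, length(path) - length(s) + 1) == s) print $1 }' "$1" |
        sort | uniq -c | sort -n | awk '{ print $1, $2 }'
}

# Constructed sample logs (documentation IP ranges, made-up timestamps).
SAMPLE_DIR=$(mktemp -d)
EXIM_LOG=$SAMPLE_DIR/exim_mainlog
ACCESS_LOG=$SAMPLE_DIR/access_log
{
    i=0
    while [ "$i" -lt 40 ]; do
        printf '2016-01-20 11:27:%02d cwd=/home/username3/public_html/data 3 args: /usr/sbin/sendmail -t -i\n' "$i"
        i=$((i + 1))
    done
    echo '2016-01-20 11:30:01 cwd=/home/username1/public_html/about-us 3 args: /usr/sbin/sendmail -t -i'
    echo '2016-01-20 11:30:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q'
} > "$EXIM_LOG"
cat > "$ACCESS_LOG" <<'EOF'
192.0.2.10 - - [20/Jan/2016:11:27:01 -0500] "POST /data/mailer.php HTTP/1.1" 200 412 "-" "-"
192.0.2.10 - - [20/Jan/2016:11:27:02 -0500] "POST /data/mailer.php HTTP/1.1" 200 412 "-" "-"
192.0.2.10 - - [20/Jan/2016:11:27:03 -0500] "POST /data/mailer.php HTTP/1.1" 200 412 "-" "-"
198.51.100.7 - - [20/Jan/2016:11:28:00 -0500] "GET /data/mailer.php?x=1 HTTP/1.1" 200 90 "-" "-"
203.0.113.5 - - [20/Jan/2016:11:29:00 -0500] "GET /index.php HTTP/1.1" 200 900 "http://example.com/data/mailer.php" "-"
EOF

echo "Noisy directories:"; noisy_dirs "$EXIM_LOG" 20
echo "Clients of mailer.php:"; script_clients "$ACCESS_LOG" mailer.php
```

In the sample, 203.0.113.5 only carries the script name in its referer, so the path-field match leaves it out while the plain grep would have counted it.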

For more info see http://www.inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim

Find Track Down That Filthy Spammer AND BLOCK THEM! was last modified: December 14th, 2016 by Maximus Mccullough
