Jump to content

Website Hacked. Sending spams. Help finding malicious code.


Recommended Posts

Hey guys,

New to the forum so I'll introduce myself. I'm Jugal, a freelance web developer from Mumbai, India.

Apart from making websites, I also offer web hosting to my clients.

 

I have a dedicated server running Windows Server 2008 with IIS 7 and Parallel Plesk installed.

I have more than 250 domains hosted here, most of which process PHP forms and thus, mail() function.

 

There has been an attack on my server where one of the php script containing mail() function is being exploited to send spams to random email id's. I have been getting bounceback emails from invalid id's this bot is sending spams to. So far, the count has been more than 12,000.

 

I suspect, the method described here is being used to carry out this operation: http://www.astahost.com/index.php?s=&showtopic=18363&view=findpost&p=121159

So maybe one of my client used a weak php email code which hacker (bot) is enjoying to send spams to. (Or maybe not?)

 

Now, what I want to do is to hunt down the vulnerable mail() function responsible for this. Finding "mail()" by using Notepad++ seems unreasonable as from 250 domains, many of them are ecommerce scripts, form processors, wordpress blogs, etc. counting up to more than 1,000 search results and it'll be impossible to check the same manually.

 

Anyone, any idea how do I do this? Is there a tool for windows / apache to monitor all SMTP requests and to trace it to the responsible domain / .php file?

Or can we write a php program or anything to monitor the same?

 

Or just ANY solution to hunt the responsible domain at least, so that I can delete it.

 

I'm very much tensed. Hopefully, it's weekend so maybe I have 2 days to fix this else my clients are gonna call up and complain of those spams.

 

Hoping for a solution here!

 

Thanks,

Jugal

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.