Everyone has the occasional user who may leave something on their server that may send spam, or not update things as fast as they should. Tracking down the spammer can be a real problem though.
Sometimes you can track down the domain, but not the script, other times they may have so many files that its nearly impossible.
Recently, with the release of of PHP 5.3, they have enabled some brilliant tracking of spammers or exploited web forms by implementing some great features. One of those features is the configuration for email http://php.net/manual/en/mail.configuration.php
By simply adding the following 2 lines into your php.ini then you can track down pretty much any outgoing spam using PHP
代碼: 選擇全部
mail.add_x_header = On
mail.log = /var/log/phpmail.log
The second line logs the entire lot to a log file. It's important to make sure that log file is owner and writeable by the webserver, and that it is being rotated by logrotate also.
With these in place your emails will have the following headers
X-PHP-Originating-Script: 33:ok.php
The 33 is the UID, the ok.php was the script sending me the spam.
An example of what is logged in the phpmail.log
mail() on [/var/www/vhosts/domain.com/httpdocs/pages/modules/system/system.mail.inc:83]: To: jeff@domain.co.uk -- Headers: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes Content-Transfer-Encoding: 8Bit X-Mailer: Drupal Sender: jeff@domain.co.uk From: jeff@domain.co.uk
Handy!
Your php.ini will be in /etc/php.ini if you are using a RedHat based distro (Centos, Fedora, etc) and in /etc/php5/apache/php.ini if you run a Debian derivative (Ubuntu, etc). If you need a hand setting this up, just drop us an email.