Spam Protection: Detecting Malicious Scripts on a Linux Server

To identify a script that is sending spam from your Linux server, Linux users often face this problem when they receive a notification from their hoster about an unwanted mailing. When you examine the server, you may find tens, hundreds or thousands of messages in the queue, but identifying a specific malicious script can be a difficult task, especially if the server is running many Web sites, and any one of them may be infected.

To quickly detect a malicious script, you can make the following changes to the php.ini file:

mail.add_x_header = On
mail.log = /var/log/php.mail.log

These directives allow you to add an X-Header to emails and write information about them to the log file /var/log/php.mail.log.

The log will now contain information about scripts sending emails, making them easier to detect. If suspicions arise, you will be able to analyze the log file, detect and block malicious scripts, helping to better protect your server from unwanted mailings.