I
I
IliaMal2021-08-27 08:48:10
Malware
IliaMal, 2021-08-27 08:48:10

How to find the source of spam from [email protected] on the site?

Hello.

The hoster blocked sending mail from the site from a large number of letters.
Example from mail logs:

[27-Aug-2021 08:23:08 Europe/Moscow] mail() on [.../modules/core/mail/sendmail.php:25]: To: <[email protected]> -- Headers: X-HostCMS-Reason: Alert  Precedence: bulk  Message-ID: <[email protected]>  From: [email protected]  X-Mailer: HostCMS/6.0  Reply-To: <[email protected]>  Return-Path: <[email protected]>  MIME-Version: 1.0  Content-Type: text/plain; charset=UTF-8  Content-Transfer-Encoding: base64

I can’t understand what these are letters and from where the sending is initialized.
What is the [email protected] mailbox?
And how to find where sending starts?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
R
Rsa97, 2021-08-27
@Rsa97

Add output to the call stack log ( debug_backtrace ) before calling mail( ) and find the source of the problem.

A
Antonio Solo, 2021-08-27
@solotony

I would look for eval($POST or $GET) somehow disguised
, and already the pest exploits this hole, downloading through it what it needs, for example, a newsletter

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question