How to check for malicious scripts in Linux server

A shared hosting webserver's SMTP is being used for SPAM. How can I search for the SPAM source file on the server, say, what are all the places these malicious files can reside, and how do I find and block them?

Question added by Riyas Shahul Hameed, Systems Engineer, Datacom Systems Asia
Date Posted: 2015/04/24
by David Giorgobiani, Security Operations Solutions Architect, M.F.GE

Hello. First of all, install tcptrack. Then run tcptrack -i "ethernet interface" and you will see all traffic. Next, find ports 25, 993 and 587 and monitor them for an IP address: tcptrack -i "ethernet interface" src or dst "IP Address". When you find the IP, you can block it if it is a remote address. If you are sending, then you need sockstat to find which user is using that port, ps -auxw to see that user, and fstat to see which files that user is using. After that, go there and disable those scripts.
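On a Linux host, the same mapping from a mail connection to its owning user and directory can be done with ss and /proc. This is an added example, not part of the answer above; the function names and the sample connection lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (assumes Linux with iproute2's ss and /proc).
SMTP_PORTS="25 587 993"   # the ports named in the answer above

# Constructed sample of `ss -Htnp` output (documentation addresses only).
sample_ss_output() {
  cat <<'EOF'
ESTAB 0 0 192.0.2.10:48712 198.51.100.25:25 users:(("php",pid=4242,fd=7))
ESTAB 0 0 192.0.2.10:443 203.0.113.9:51544 users:(("httpd",pid=900,fd=12))
ESTAB 0 0 192.0.2.10:39020 [2001:db8::77]:587 users:(("perl",pid=5151,fd=3))
EOF
}

# Reads `ss -Htnp` output on stdin and prints "pid program peer" for every
# connection whose peer (remote) port is in SMTP_PORTS, i.e. outbound mail.
smtp_senders() {
  awk -v ports="$SMTP_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      peer = $5
      port = peer; sub(/.*:/, "", port)      # text after the last colon
      if (!(port in want)) next
      # Process column looks like: users:(("php",pid=4242,fd=7))
      if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
        s = substr($0, RSTART, RLENGTH)
        prog = s; sub(/^\(\("/, "", prog); sub(/".*/, "", prog)
        pid = s; sub(/.*pid=/, "", pid)
        print pid, prog, peer
      }
    }'
}

# Live use (run as root to see other users' processes): adds the owning
# user and the working directory, which usually points at the site's files.
report_live() {
  ss -Htnp | smtp_senders | while read -r pid prog peer; do
    printf '%s %s user=%s cwd=%s -> %s\n' "$pid" "$prog" \
      "$(ps -o user= -p "$pid")" "$(readlink "/proc/$pid/cwd")" "$peer"
  done
}

if [ "${1:-}" = "--live" ]; then report_live; else sample_ss_output | smtp_senders; fi
```

Only processes that open the mail connection themselves show up here; the server's own MTA appears as a sender too and has to be traced through its mail log.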
