CHips L MINI SHELL

CHips L pro

Current Path : /proc/3/task/3/cwd/proc/2/root/opt/zabbix_scripts/
Upload File :
Current File : //proc/3/task/3/cwd/proc/2/root/opt/zabbix_scripts/cpanel_compromised_mail.sh

#!/bin/bash
##########################################################
# Script to find the spamming via smtp authentication
# Author : Priya 
########################################################

SPAMTEST=$(perl -lsne '/$day.*\[([0-9.]+)\]:.+dovecot_(?:login|plain):([^\s]+).* for (.*)/ and $sender{$2}{r}+=scalar (split / /,$3) and $sender{$2}{i}{$1}=1; END {foreach $sender(keys %sender){printf"Rcpn %d Hosts %03d Auth %s\n",$sender{$sender}{r},scalar (keys %{$sender{$sender}{i}}),$sender;}}' -- -day="$(date +"%F %H" -d "1 hour ago")" /var/log/exim_mainlog | sed 's/^Rcpn \(\S*\).*Auth \(\S*\).*$/\1 mails sent authed as \2/g' |sort -n | awk '{ if ($1>150) print $0}')

if [[ -n "$SPAMTEST" ]]; then
        echo "WARNING: Possible compromised mail accounts sending high volumes recently: $SPAMTEST"
        exit 1
else
        echo "OK: No compromised accounts found in the mail log"
        exit 0
fi

Copyright 2K16 - 2K18 Indonesian Hacker Rulez