Exim – delete specific emails from queue

Sometimes your Exim mail queue can grow quite large, especially when some website (WordPress!) is hacked and is sending tons of spam mail, or when you end up with thousands of frozen mails. You probably don’t want to remove all emails from the queue, since that would remove legit emails too. You want to delete only specific ones.

For the sake of this demonstration, we want to delete all emails that contain the string domain.com:

18h   60K 1b33Uz-000LkN-48 <info@domain.com> (someuser)
          info@somedomain.com

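Just run the command below and all mails matching the string domain.com will be deleted from the mail queue. To preview which message IDs would be removed, run the same pipeline without the final xargs exim -Mrm stage first.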

exim -bp | grep "domain.com" | awk '{print $3}' | xargs exim -Mrm

Or for example, in case of frozen mails:

exim -bp | grep froz | awk '{print $3}' | xargs exim -Mrm

Find CryptoPHP hacks on your server / False php scripts

CryptoPHP is nasty little shit! A while ago I had a problem with spam on one of our hosting servers. When we ended up on several RBL lists, one of them stated that our machine was possibly infected with CryptoPHP. Hacked files can be very hard to find. PHP code was hidden in false .png files! These PNGs were then included in some legit PHP files, like index.php. So every time index.php was loaded, the hacked code inside the included PNG file was loaded too.

Here is how you can find out whether there are false PNG files on your system. Just scan your directory with this line:

find -L /path/to/dir/ -type f -name "*.png" -exec file {} + | grep PHP

You could also scan your system for other types of files. Just replace *.png with something else, for example *.jpg.

Output for legit files will look something like this:

./wp-includes/js/tinymce/skins/wordpress/images/more-2x.png:    PNG image data, 3800 x 40, 4-bit colormap, non-interlaced

Output for a script that pretends to be a regular PNG file – a hack – will look something like this:

./test.png:   PHP script, ASCII text
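
The same check extended to several image extensions, as an added example (not from the original post): a shell function that compares each file's leading bytes with the signature its extension implies and also reports any file containing a PHP open tag. The function name scan_fake_images and the reason labels bad-header and php-tag are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. The function name and the
# reason labels are illustrative.
# Prints one line per finding: "<reason><TAB><path>".
scan_fake_images() {
    dir=$1
    find -L "$dir" -type f \( -iname '*.png' -o -iname '*.jpg' \
        -o -iname '*.jpeg' -o -iname '*.gif' \) -print |
    while IFS= read -r f; do
        # First four bytes as lowercase hex, e.g. 89504e47 for a PNG.
        magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
        case "$f" in
            *.[pP][nN][gG]) want=89504e47 ;;   # \x89 P N G
            *.[gG][iI][fF]) want=47494638 ;;   # G I F 8
            *)              want=ffd8ff   ;;   # JPEG start-of-image marker
        esac
        case "$magic" in
            "$want"*) ;;                       # header matches the extension
            *) printf 'bad-header\t%s\n' "$f" ;;
        esac
        # A PHP open tag anywhere in an image file deserves a manual look,
        # even when the header itself is a valid image signature.
        if grep -q -a -F -e '<?php' "$f"; then
            printf 'php-tag\t%s\n' "$f"
        fi
    done
}

# Stand-alone use: sh scan.sh /path/to/dir
if [ "$#" -gt 0 ]; then
    scan_fake_images "$1"
fi
```

File names containing newlines are not handled; every reported path should be inspected by hand before anything is deleted.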

Create dump of specific tables from mysql database

You can simply create backups of specific tables with mysqldump.

mysqldump -u username -p databasename table1 table2 table3 ... > mysqldump_file.sql

FTP file transfer from command line with wget

Sometimes you have a lot of files to transfer and no rsync, only FTP. You don’t want to sit in front of the computer waiting for the files to transfer. If you have access to the command line, there is a simple way to transfer all your files through FTP with wget. Once the transfer is started, you don’t want to close the terminal session, as that would cancel the transfer too. Luckily there is a great piece of software named screen. Start a new screen session by typing the command screen, and run the command below. Then you can detach from that screen session by pressing CTRL + A + D. This way the file transfer will continue in the background. You can even shut down your computer. When you want to see if everything has been transferred, just reattach the screen session with the command screen -x.

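So in screen, just run this. Keep in mind that the password given in the URL ends up in your shell history, and that FTP sends it over the network unencrypted: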

wget -m ftp://username:password@ftp.hostname.com

© 2024 geegkytuts.net