{"id":35560,"date":"2025-11-05T14:01:55","date_gmt":"2025-11-05T07:01:55","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=35560"},"modified":"2025-11-05T14:01:55","modified_gmt":"2025-11-05T07:01:55","slug":"cach-chong-spam-mail-tren-vps","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/cach-chong-spam-mail-tren-vps\/","title":{"rendered":"C\u00e1ch x\u00e1c \u0111\u1ecbnh\/ch\u1ed1ng Spam Mail tr\u00ean VPS nhanh, d\u1ec5 hi\u1ec3u"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-white ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed8I DUNG<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/interdata.vn\/blog\/cach-chong-spam-mail-tren-vps\/#Dau-hieu-nhan-biet-VPS-bi-Spam-Mail\" >D\u1ea5u hi\u1ec7u nh\u1eadn bi\u1ebft VPS b\u1ecb Spam Mail<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/interdata.vn\/blog\/cach-chong-spam-mail-tren-vps\/#Nguyen-nhan-dan-den-VPS-bi-Spam-Mail\" >Nguy\u00ean nh\u00e2n d\u1eabn \u0111\u1ebfn VPS b\u1ecb Spam Mail<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/interdata.vn\/blog\/cach-chong-spam-mail-tren-vps\/#Cach-xac-dinh-va-khac-phuc-VPS-bi-Spam-Mail\" >C\u00e1ch x\u00e1c \u0111\u1ecbnh v\u00e0 kh\u1eafc ph\u1ee5c VPS b\u1ecb Spam Mail<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/interdata.vn\/blog\/cach-chong-spam-mail-tren-vps\/#Cach-xac-dinh-VPS-bi-Spam-Mail\" >C\u00e1ch x\u00e1c \u0111\u1ecbnh\u00a0VPS b\u1ecb Spam Mail<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/interdata.vn\/blog\/cach-chong-spam-mail-tren-vps\/#Cach-khac-phuc-VPS-bi-Spam-Mail\" >C\u00e1ch kh\u1eafc ph\u1ee5c VPS b\u1ecb Spam Mail<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<p>Trong b\u00e0i vi\u1ebft n\u00e0y, InterData s\u1ebd h\u01b0\u1edbng d\u1eabn b\u1ea1n c\u00e1ch x\u00e1c \u0111\u1ecbnh d\u1ea5u hi\u1ec7u, nguy\u00ean nh\u00e2n v\u00e0 kh\u1eafc ph\u1ee5c l\u1ed7i Spam Mail tr\u00ean VPS t\u1eebng b\u01b0\u1edbc chi ti\u1ebft nh\u1ea5t. B\u1ea1n c\u00f3 th\u1ec3 tham kh\u1ea3o.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Dau-hieu-nhan-biet-VPS-bi-Spam-Mail\"><\/span>D\u1ea5u hi\u1ec7u nh\u1eadn bi\u1ebft VPS b\u1ecb Spam Mail<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div>C\u00f3 m\u1ed9t s\u1ed1 d\u1ea5u hi\u1ec7u r\u00f5 r\u00e0ng cho th\u1ea5y VPS c\u1ee7a b\u1ea1n \u0111ang g\u1eb7p v\u1ea5n \u0111\u1ec1 spam mail:<\/div>\n<ul>\n<li><b>Hi\u1ec7u su\u1ea5t h\u1ec7 th\u1ed1ng gi\u1ea3m:<\/b> VPS c\u1ee7a b\u1ea1n t\u1ef1 nhi\u00ean ch\u1eadm \u0111i, \u0111\u1ed3ng th\u1eddi <b>RAM v\u00e0 CPU t\u0103ng cao<\/b>.<\/li>\n<li><b>V\u1ea5n \u0111\u1ec1 g\u1eedi\/nh\u1eadn Email:<\/b> Email kh\u00f4ng \u0111\u1ebfn \u0111\u01b0\u1ee3c ng\u01b0\u1eddi nh\u1eadn.<\/li>\n<li><b>Th\u00f4ng b\u00e1o t\u1eeb Control Panel:<\/b> N\u1ebfu b\u1ea1n s\u1eed d\u1ee5ng DirectAdmin, h\u1ec7 th\u1ed1ng s\u1ebd th\u00f4ng b\u00e1o l\u01b0\u1ee3ng mail g\u1eedi ra ngo\u00e0i nhi\u1ec1u.<\/li>\n<li><b>Blacklist IP:<\/b> \u0110\u1ecba ch\u1ec9 IP c\u1ee7a VPS b\u1ecb \u0111\u01b0a v\u00e0o danh s\u00e1ch \u0111en (Blacklist).<\/li>\n<\/ul>\n<figure id=\"attachment_35561\" aria-describedby=\"caption-attachment-35561\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-35561\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Dau-hieu-nhan-biet-VPS-bi-Spam-Mail.jpg\" alt=\"D\u1ea5u hi\u1ec7u nh\u1eadn bi\u1ebft VPS b\u1ecb Spam Mail\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Dau-hieu-nhan-biet-VPS-bi-Spam-Mail.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Dau-hieu-nhan-biet-VPS-bi-Spam-Mail-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Dau-hieu-nhan-biet-VPS-bi-Spam-Mail-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-35561\" class=\"wp-caption-text\">D\u1ea5u hi\u1ec7u nh\u1eadn bi\u1ebft VPS b\u1ecb Spam Mail<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Nguyen-nhan-dan-den-VPS-bi-Spam-Mail\"><\/span>Nguy\u00ean nh\u00e2n d\u1eabn \u0111\u1ebfn VPS b\u1ecb Spam Mail<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<div>Nguy\u00ean nh\u00e2n VPS g\u1eedi th\u01b0 r\u00e1c th\u01b0\u1eddng xu\u1ea5t ph\u00e1t t\u1eeb:<\/div>\n<ul>\n<li><b>L\u1ed7 h\u1ed5ng Source Code:<\/b> N\u1ebfu m\u00e1y ch\u1ee7 \u0111ang ch\u1ea1y website, source code c\u00f3 th\u1ec3 \u0111ang g\u1eb7p v\u1ea5n \u0111\u1ec1. B\u1ea1n c\u1ea7n \u0111\u1ea3m b\u1ea3o c\u00e1c module, plugin, v\u00e0 theme \u0111ang s\u1eed d\u1ee5ng l\u00e0 \u0111\u00e1ng tin c\u1eady.<\/li>\n<li><b>T\u00e0i kho\u1ea3n b\u1ecb \u0111\u00e1nh c\u1eafp (SMTP spam):<\/b> C\u00f3 th\u1ec3 m\u1ed9t t\u00e0i kho\u1ea3n email n\u00e0o \u0111\u00f3 \u0111\u00e3 b\u1ecb k\u1ebb x\u1ea5u \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp v\u00e0 l\u1ee3i d\u1ee5ng \u0111\u1ec3 spam.<\/li>\n<li><b>L\u1ea1m d\u1ee5ng h\u00e0m <\/b><b>mail()<\/b><b>:<\/b> H\u00e0m <code>mail()<\/code> \u0111\u01b0\u1ee3c enable (cho ph\u00e9p ho\u1ea1t \u0111\u1ed9ng) v\u00e0 b\u1ecb l\u1ea1m d\u1ee5ng \u0111\u1ec3 g\u1eedi th\u01b0 r\u00e1c.<\/li>\n<li><b>User ch\u1ee7 \u0111\u1ed9ng spam:<\/b> Ng\u01b0\u1eddi d\u00f9ng c\u1ed1 t\u00ecnh g\u1eedi mail ra ngo\u00e0i v\u1edbi m\u1ee5c \u0111\u00edch ti\u1ebfp th\u1ecb (Email Marketing)<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cach-xac-dinh-va-khac-phuc-VPS-bi-Spam-Mail\"><\/span>C\u00e1ch x\u00e1c \u0111\u1ecbnh v\u00e0 kh\u1eafc ph\u1ee5c VPS b\u1ecb Spam Mail<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>D\u01b0\u1edbi \u0111\u00e2y l\u00e0 h\u01b0\u1edbng d\u1eabn chi ti\u1ebft v\u1ec1 c\u00e1ch x\u00e1c \u0111\u1ecbnh (nh\u1eadn bi\u1ebft v\u00e0 ki\u1ec3m tra) v\u00e0 c\u00e1c b\u01b0\u1edbc kh\u1eafc ph\u1ee5c khi VPS c\u1ee7a b\u1ea1n b\u1ecb spam mail. C\u00e1c b\u01b0\u1edbc n\u00e0y th\u01b0\u1eddng \u00e1p d\u1ee5ng cho c\u00e1c m\u00e1y ch\u1ee7 s\u1eed d\u1ee5ng Control Panel nh\u01b0 DirectAdmin ho\u1eb7c Exim.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cach-xac-dinh-VPS-bi-Spam-Mail\"><\/span>C\u00e1ch x\u00e1c \u0111\u1ecbnh\u00a0VPS b\u1ecb Spam Mail<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u1ec3 x\u00e1c \u0111\u1ecbnh c\u1ee5 th\u1ec3 VPS c\u00f3 \u0111ang spam hay kh\u00f4ng v\u00e0 ngu\u1ed3n g\u1ed1c c\u1ee7a mail spam, b\u1ea1n c\u1ea7n ki\u1ec3m tra queue v\u00e0 log mail:<\/p>\n<p><strong>B\u01b0\u1edbc 1: Ki\u1ec3m tra s\u1ed1 l\u01b0\u1ee3ng mail trong queue:<\/strong><\/p>\n<p>S\u1eed d\u1ee5ng l\u1ec7nh sau \u0111\u1ec3 ki\u1ec3m tra s\u1ed1 l\u01b0\u1ee3ng mail \u0111ang ch\u1edd g\u1eedi \u0111i:<\/p>\n<pre><code>exim -bpc\r\n<\/code><\/pre>\n<p>N\u1ebfu con s\u1ed1 tr\u1ea3 v\u1ec1 <strong>l\u1edbn h\u01a1n 100<\/strong>, \u0111i\u1ec1u \u0111\u00f3 \u0111\u1ed3ng ngh\u0129a v\u1edbi vi\u1ec7c VPS \u0111ang th\u1ef1c hi\u1ec7n spam mail ra ngo\u00e0i.<\/p>\n<p><strong>B\u01b0\u1edbc 2: Ki\u1ec3m tra danh s\u00e1ch mail trong queue:<\/strong><\/p>\n<p>S\u1eed d\u1ee5ng l\u1ec7nh n\u00e0y \u0111\u1ec3 li\u1ec7t k\u00ea danh s\u00e1ch mail trong queue. T\u1ea1i \u0111\u00e2y, b\u1ea1n c\u00f3 th\u1ec3 <strong>bi\u1ebft c\u1ee5 th\u1ec3 user account mail n\u00e0o \u0111ang th\u1ef1c hi\u1ec7n spam<\/strong>:<\/p>\n<pre><code>exim -bp\r\n<\/code><\/pre>\n<p><strong>B\u01b0\u1edbc 3: Ki\u1ec3m tra log mail:<\/strong><\/p>\n<p>B\u1ea1n c\u00f3 th\u1ec3 ki\u1ec3m tra log \u0111\u1ec3 t\u00ecm ki\u1ebfm chi ti\u1ebft h\u01a1n v\u1ec1 ho\u1ea1t \u0111\u1ed9ng g\u1eedi mail:<\/p>\n<p>1. Di chuy\u1ec3n \u0111\u1ebfn th\u01b0 m\u1ee5c log:<\/p>\n<p><code>cd \/var\/log\/exim<\/code><\/p>\n<p>2. Xem 100 d\u00f2ng log cu\u1ed1i c\u00f9ng: <code>tail -n 100 mainlog |more<\/code>.<\/p>\n<p>3. Ki\u1ec3m tra log theo m\u1ed9t user c\u1ee5 th\u1ec3: <code>tail -n 10000 mainlog |grep user@example.com |more \/\/l\u1ec7nh n\u00e0y s\u1ebd li\u1ec7t k\u00ea log theo user \u0111\u01b0\u1ee3c truy v\u1ea5n<\/code><\/p>\n<p><strong>B\u01b0\u1edbc 4: Ki\u1ec3m tra n\u1ed9i dung mail:<\/strong><\/p>\n<p>\u0110\u1ec3 xem n\u1ed9i dung chi ti\u1ebft c\u1ee7a m\u1ed9t mail \u0111ang n\u1eb1m trong queue (x\u00e1c \u0111\u1ecbnh b\u1eb1ng ID), b\u1ea1n s\u1eed d\u1ee5ng l\u1ec7nh:<\/p>\n<p><code>exim -Mvh [id] \/\/ id d\u1ea1ng 1YlI6V-0004K0-MT<\/code><\/p>\n<figure id=\"attachment_35562\" aria-describedby=\"caption-attachment-35562\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-35562\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-xac-dinh-va-khac-phuc-VPS-bi-Spam-Mail.jpg\" alt=\"C\u00e1ch x\u00e1c \u0111\u1ecbnh v\u00e0 kh\u1eafc ph\u1ee5c VPS b\u1ecb Spam Mail\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-xac-dinh-va-khac-phuc-VPS-bi-Spam-Mail.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-xac-dinh-va-khac-phuc-VPS-bi-Spam-Mail-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-xac-dinh-va-khac-phuc-VPS-bi-Spam-Mail-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-35562\" class=\"wp-caption-text\">C\u00e1ch x\u00e1c \u0111\u1ecbnh v\u00e0 kh\u1eafc ph\u1ee5c VPS b\u1ecb Spam Mail<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Cach-khac-phuc-VPS-bi-Spam-Mail\"><\/span>C\u00e1ch kh\u1eafc ph\u1ee5c VPS b\u1ecb Spam Mail<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sau khi \u0111\u00e3 x\u00e1c \u0111\u1ecbnh \u0111\u01b0\u1ee3c v\u1ea5n \u0111\u1ec1, b\u1ea1n c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c b\u01b0\u1edbc sau \u0111\u1ec3 kh\u1eafc ph\u1ee5c:<\/p>\n<p><strong>B\u01b0\u1edbc 1: X\u00f3a\/G\u1eedi mail trong queue<\/strong><\/p>\n<p><code>exim -Mrm {message-id} \/\/ x\u00f3a 1 mail trong queue, id d\u1ea1ng 1YlI6V-0004K0-MT<\/code><br \/>\n<code>exim -bp | awk '{ print $3 }' | xargs exim -Mrm \/\/ x\u00f3a t\u00f2a b\u1ed9 mail trong queue<\/code><br \/>\n<code>exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm \/\/ x\u00f3a t\u00f2a b\u1ed9 mail trong frozen<\/code><br \/>\n<code>\/usr\/sbin\/exim -bp |awk '{print $3}' | xargs -n 1 -P 40 \/usr\/sbin\/exim -v -M \/\/g\u1eedi to\u00e0n b\u1ed9 mail trong queue<\/code><\/p>\n<p><strong>B\u01b0\u1edbc 2: Config v\u00e0 d\u1eebng service Exim<\/strong><\/p>\n<p>B\u1ea1n c\u00f3 th\u1ec3 t\u1ea1m d\u1eebng d\u1ecbch v\u1ee5 Exim \u0111\u1ec3 ng\u0103n ch\u1eb7n vi\u1ec7c g\u1eedi mail ngay l\u1eadp t\u1ee9c:<\/p>\n<p><code>vim \/etc\/exim.conf\u00a0 \u00a0 \u00a0\/\/Ch\u1ec9nh s\u1eeda b\u1ea5t k\u1ef3 1 d\u00f2ng n\u00e0o sau \u0111\u00f3 l\u01b0u l\u1ea1i<\/code><br \/>\n<code>\/etc\/init.d\/exim stop\u00a0 \u00a0 \u00a0\/\/Stop service exim<\/code><\/p>\n<p><strong>B\u01b0\u1edbc 3:\u00a0Disable h\u00e0m mail()<\/strong><\/p>\n<p>N\u1ebfu nguy\u00ean nh\u00e2n l\u00e0 do h\u00e0m mail() b\u1ecb l\u1ea1m d\u1ee5ng, b\u1ea1n n\u00ean t\u1eaft n\u00f3 \u0111i:<\/p>\n<p><code>php -i | grep php.ini \/\/X\u00e1c \u0111\u1ecbnh file php.ini<\/code><\/p>\n<p>Ki\u1ec3m tra xem h\u00e0m n\u00e0o \u0111ang b\u1ecb disable (gi\u1ea3 s\u1eed file php.ini n\u1eb1m trong <code>\/usr\/local\/php54\/lib\/php.ini)<\/code>:<\/p>\n<p><code>grep disable_functions \/usr\/local\/php54\/lib\/php.ini\u00a0 \u00a0 \u00a0 \/\/Ki\u1ec3m tra xem h\u00e0m n\u00e0o b\u1ecb disable<\/code><br \/>\n<code>sed -i 's\/disable_functions =\/disable_functions = mail\/' \/usr\/local\/php54\/lib\/php.ini\u00a0 \u00a0 \u00a0 \/\/Th\u1ef1c hi\u1ec7n disable h\u00e0m mail()<\/code><br \/>\n<code>\/etc\/init.d\/httpd restart\u00a0 \u00a0 \u00a0 \/\/Restart service httpd<\/code><\/p>\n<p><strong>B\u01b0\u1edbc 4: Gi\u1edbi h\u1ea1n email g\u1eedi ra<\/strong><\/p>\n<p>N\u1ebfu b\u1ea1n s\u1eed d\u1ee5ng Control Panel DirectAdmin, b\u1ea1n c\u00f3 th\u1ec3 thi\u1ebft l\u1eadp gi\u1edbi h\u1ea1n s\u1ed1 l\u01b0\u1ee3ng email m\u00e0 m\u1ed7i user \u0111\u01b0\u1ee3c ph\u00e9p g\u1eedi ra m\u1ed7i ng\u00e0y.<\/p>\n<p>Th\u1ef1c hi\u1ec7n b\u1eb1ng c\u00e1ch Login v\u00e0o DirectAdmin v\u1edbi quy\u1ec1n admin, t\u00ecm \u0111\u1ebfn m\u1ee5c <strong>Extra Features<\/strong>, v\u00e0 click <strong>Administrator Setting<\/strong>.<\/p>\n<p><strong>B\u01b0\u1edbc 5: Suspend user v\u00e0 t\u00ecm ngu\u1ed3n m\u00e3 \u0111\u1ed9c<\/strong><\/p>\n<p>\u0110\u00e2y l\u00e0 b\u01b0\u1edbc quan tr\u1ecdng \u0111\u1ec3 x\u1eed l\u00fd t\u1eadn g\u1ed1c v\u1ea5n \u0111\u1ec1, \u0111\u1eb7c bi\u1ec7t n\u1ebfu nguy\u00ean nh\u00e2n l\u00e0 do source code b\u1ecb t\u1ea5n c\u00f4ng (SMTP spam).<\/p>\n<ul>\n<li><strong>Suspend user<\/strong>: Ti\u1ebfn h\u00e0nh kh\u00f3a (suspend) user c\u00f3 account mail \u0111ang th\u1ef1c hi\u1ec7n spam \u0111\u1ec3 t\u1ea1m d\u1eebng ho\u1ea1t \u0111\u1ed9ng spam.<\/li>\n<li><strong>Qu\u00e9t m\u00e3 \u0111\u1ed9c<\/strong>: Sau \u0111\u00f3, b\u1ea1n n\u00ean download full source code + database v\u1ec1 m\u00e1y local v\u00e0 th\u1ef1c hi\u1ec7n qu\u00e9t virus b\u1eb1ng c\u00e1c ch\u01b0\u01a1ng tr\u00ecnh antivirus \u0111\u1ec3 ki\u1ec3m tra.<\/li>\n<\/ul>\n<p>N\u1ebfu \u0111\u00e3 t\u00ecm \u0111\u01b0\u1ee3c user spam, h\u00e3y v\u00e0o th\u01b0 m\u1ee5c source code c\u1ee7a user \u0111\u00f3 (v\u00ed d\u1ee5: <code>cd \/home\/username\/domains\/example.com\/public_html<\/code>). C\u00e1c file m\u00e3 \u0111\u1ed9c th\u01b0\u1eddng \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a. B\u1ea1n c\u00f3 th\u1ec3 t\u00ecm nhanh c\u00e1c file PHP ch\u1ee9a \u0111o\u1ea1n m\u00e3 \u0111\u1ed9c ph\u1ed5 bi\u1ebfn (eval(base64_decode) b\u1eb1ng c\u00e1c l\u1ec7nh sau:<\/p>\n<p><code># find . -name \u2018*.php\u2019 | while read FILE; do if grep \u2018eval(base64_decode\u2019 \u201c$FILE\u201d; then echo \u201c$FILE\u201d &gt;&gt; filemadoc; fi ; done <\/code><\/p>\n<p>ho\u1eb7c<\/p>\n<p><code># find . -name \u2018*.php\u2019 | while read FILE; do if grep \u2018eval(base64_decode\u2019 \u201c$FILE\u201d; then echo \u201c$FILE\u201d; fi ; done<\/code><\/p>\n<p>Vi\u1ec7c x\u00e1c \u0111\u1ecbnh v\u00e0 kh\u1eafc ph\u1ee5c VPS b\u1ecb spam mail gi\u1ed1ng nh\u01b0 vi\u1ec7c t\u00ecm v\u00e0 s\u1eeda m\u1ed9t \u1ed1ng n\u01b0\u1edbc b\u1ecb r\u00f2 r\u1ec9: tr\u01b0\u1edbc ti\u00ean b\u1ea1n nh\u1eadn bi\u1ebft qua c\u00e1c d\u1ea5u hi\u1ec7u (nh\u01b0 h\u00f3a \u0111\u01a1n ti\u1ec1n n\u01b0\u1edbc t\u0103ng cao ho\u1eb7c nh\u00e0 b\u1ecb \u1ea9m), sau \u0111\u00f3 b\u1ea1n x\u00e1c \u0111\u1ecbnh ch\u00ednh x\u00e1c v\u1ecb tr\u00ed r\u00f2 r\u1ec9 (ki\u1ec3m tra t\u1eebng \u0111\u01b0\u1eddng \u1ed1ng b\u1eb1ng l\u1ec7nh exim -bp v\u00e0 log), v\u00e0 cu\u1ed1i c\u00f9ng l\u00e0 kh\u1eafc ph\u1ee5c b\u1eb1ng c\u00e1ch kh\u00f3a van (suspend user, stop Exim, disable h\u00e0m mail()) v\u00e0 s\u1eeda ch\u1eefa ngu\u1ed3n g\u1ed1c v\u1ea5n \u0111\u1ec1 (x\u00f3a mail trong queue, qu\u00e9t v\u00e0 lo\u1ea1i b\u1ecf m\u00e3 \u0111\u1ed9c)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trong b\u00e0i vi\u1ebft n\u00e0y, InterData s\u1ebd h\u01b0\u1edbng d\u1eabn b\u1ea1n c\u00e1ch x\u00e1c \u0111\u1ecbnh d\u1ea5u hi\u1ec7u, nguy\u00ean nh\u00e2n v\u00e0 kh\u1eafc ph\u1ee5c l\u1ed7i Spam Mail tr\u00ean VPS t\u1eebng b\u01b0\u1edbc chi ti\u1ebft nh\u1ea5t. B\u1ea1n c\u00f3 th\u1ec3 tham kh\u1ea3o. D\u1ea5u hi\u1ec7u nh\u1eadn bi\u1ebft VPS b\u1ecb Spam Mail C\u00f3 m\u1ed9t s\u1ed1 d\u1ea5u hi\u1ec7u r\u00f5 r\u00e0ng cho th\u1ea5y VPS c\u1ee7a b\u1ea1n \u0111ang<\/p>\n","protected":false},"author":11,"featured_media":35563,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"class_list":["post-35560","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/35560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=35560"}],"version-history":[{"count":1,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/35560\/revisions"}],"predecessor-version":[{"id":35564,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/35560\/revisions\/35564"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/35563"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=35560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=35560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=35560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}