I know there is a way to find a PHP script that sends spam from your server, but I have a different issue. I'm having an issue with repeating PHP code that is sending tons of queries to the database, and I cannot pinpoint which code does that. I'm not a PHP developer. I would like to somehow get the script and code line that is doing this, and maybe that way I will be able to reverse check the "repeating" job that is triggering this issue. With mytop I can see that there are tons of queries, nothing else :(
The script is part of a WordPress plugin which ain't compromised, maybe buggy.
Sadly the script is running with 100% of resources and blocking access to page.
I started with mytop, but ended up with something built-in:
mysqladmin -i 1 processlist
Thanks to that I could see how many and what queries were hitting the MySQL server.
Then I enabled the status page for php-fpm:
pm.status_path = /status
Thanks to that I could see what was triggering the hit (in my case it was of course wp-cron.php), so that was a clue but not the answer.
I wanted to log every PHP call into a file, but realised that would be insane, so the next sane thing was to use a PHP debugger - Xdebug.
I didn't know then that I could use it without an IDE and just write that part of code thanks to and and I ended up setting up an IDE (Visual Studio Code) with the add-ons Remote - SSH and PHP Debug. The second one is installed on the server side, and thanks to that I didn't have to install any XAMP/LAMP server on my machine.
After connecting remotely with VSC I just opened the plugin code file, put a breakpoint and started to track what the code was doing thanks to moving around it with F10 and F11.
That way I ended up losing many, many hours, but I was able to find the buggy code that was spamming my database.
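Added example, not part of the original post: a shell function that turns the `mysqladmin processlist` table from the first step into a ranked count of repeating query shapes, so the statement flooding the server stands out. The sample table, the function names and the literal-masking regexes are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `mysqladmin processlist` output (not from the original post).
sample_processlist() {
cat <<'EOF'
+----+------+-----------+----+---------+------+--------------+---------------------------------------------------------------+
| Id | User | Host      | db | Command | Time | State        | Info                                                          |
+----+------+-----------+----+---------+------+--------------+---------------------------------------------------------------+
| 41 | wp   | localhost | wp | Query   | 0    | Sending data | SELECT * FROM wp_postmeta WHERE post_id = 101                 |
| 42 | wp   | localhost | wp | Query   | 0    | Sending data | SELECT * FROM wp_postmeta WHERE post_id = 102                 |
| 43 | wp   | localhost | wp | Query   | 1    | updating     | UPDATE wp_options SET option_value = 'a' WHERE option_id = 7  |
| 44 | wp   | localhost | wp | Sleep   | 12   |              |                                                               |
| 45 | wp   | localhost | wp | Query   | 0    | Sending data | SELECT * FROM wp_postmeta WHERE post_id = 103                 |
| 46 | root | localhost |    | Query   | 0    | starting     | show processlist                                              |
+----+------+-----------+----+---------+------+--------------+---------------------------------------------------------------+
EOF
}

# Read a processlist table on stdin, print "count<TAB>query shape", busiest first.
tally_queries() {
    awk -F'|' '
        # Data rows start with "|"; borders start with "+" and are ignored.
        /^\|/ {
            cmd = $6; gsub(/^ +| +$/, "", cmd)
            if (cmd != "Query") next          # drops the header row and Sleep threads
            # Info is field 9; rejoin later fields in case the SQL contains "|".
            info = $9
            for (i = 10; i < NF; i++) info = info "|" $i
            gsub(/^ +| +$/, "", info)
            # Skip empty rows and the monitoring query itself.
            if (info == "" || tolower(info) == "show processlist") next
            print info
        }' |
    # Mask quoted strings and numbers so the same statement with
    # different values collapses into one shape (assumed heuristic).
    sed -e "s/'[^']*'/?/g" -e 's/[0-9][0-9]*/?/g' |
    sort | uniq -c | sort -rn |
    awk '{ n = $1; $1 = ""; sub(/^ /, ""); print n "\t" $0 }'
}

# Offline demo on the constructed sample. Against a live server:
#   mysqladmin --verbose processlist | tally_queries
sample_processlist | tally_queries
```

The top line of the output is the query shape to search for in the plugin source before reaching for a debugger.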