How to find out which user ID belongs to which domain in Plesk

- by

Plesk-LogoThe other day I found that one of the domains on a busy server was sending unsolicited spam mail thousands of times a day. It happens: the nature of open source scripts is that they will get hacked if they’re not updated regularly.

The clue was a full-up mail queue and Gmail no longer accepting mails from the IP in question.

When I examined one of the spam mails I found a line like this:

X-PHP-Originating-Script: 10040:listr3b.php

Good to know the spam was sent from a PHP script… but from which domain? All we have here is the user ID of the domain in question (10040) but that doesn’t mean much to the average human administrator.

Here’s how to translate that Plesk User ID into the domain it’s coming from:

grep 10040 /etc/passwd

evilusername:x:10040:505::/var/www/vhosts/evildomain.com:/bin/false

Replace the user ID with your own, and the result is the user name, as well as the domain path in question.



If you enjoy my content, please consider supporting me on Ko-fi. In return you can browse this whole site without any pesky ads! More details here.

Leave a Comment!

This site uses Akismet to reduce spam. Learn how your comment data is processed.