Abusing User

Oct 20, 2007

There is user which is abusing my board by regsitering multiple accounts from different IPs and by using email addresses.

He has registered over 200 accounts,i am banning him once he make bad posts,but he still has tens of accounts regsitered.

Thats not bot,thats human beeing.

The question is whether if there is a tool to identify users using the same computer to regsiter multiple accounts ?

Probably by cookie or pc name or similar.

View 13 Replies


ADVERTISEMENT

Abusing Box By Sending Out Spam

Dec 24, 2007

My server is being used for sending out spam email using SMTP auth on server. I am failed to recognize it using phpnobody spam.

The email headers are as below:

[root@serverl ~]# /root/qmHandle -m38168420

--------------
MESSAGE NUMBER 38168420
--------------
Received: (qmail 19615 invoked from network); 21 Dec 2007 11:14:02 -0500
Received: from 124-8-103-212.dynamic.tfn.net.tw (HELO lzbldm) (124.8.103.212)
by ip-xx-xx-xxx-229.static.priatdns.com with SMTP; 21 Dec 2007 11:14:02 -0500
Message-ID: <003761451621$48031823$28802762@lzbldm>
From: =?big5?B?uPKmaL5sqs6m17uh2VTZVA==?= <twzcgj@ip-72-55-159-229.static.pedns.com>
To: <ahyu327@yahoo.com.tw>,
<r820309@yahoo.com.tw>,
<janejanexxx@yahoo.com.tw>,
<mirror8210@yahoo.com.tw>,
<angr34@yahoo.com.tw>,
<sungerhuang@yahoo.com.tw>,
<andy422927@yahoo.com.tw>,
<a155882@yahoo.com.tw>,
<tsai1926@yahoo.com.tw>,
<87878787@yahoo.com.tw>,
<joe-5409@yahoo.com.tw>
Subject: =?big5?B?s2+xTqxPp0GzzKvhpECmuLTuqs4=?=
Date: Sat, 22 Dec 2007 00:14:39 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0748_01590CDE.19AA17B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3198
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

This is a multi-part message in MIME format.

The qmail logs are as below

Dec 23 04:22:02 serverl qmail: 1198401722.886024 end msg 38163426
Dec 23 04:22:02 serverl qmail: 1198401722.886435 new msg 38163440
Dec 23 04:22:02 serverl qmail: 1198401722.886630 info msg 38163440: bytes 5274 from <> qp 21043 uid 2522
Dec 23 04:22:02 serverl qmail: 1198401722.897484 starting delivery 247946: msg 38163440 to remote jr1979@freenet.de
Dec 23 04:22:02 serverl qmail: 1198401722.897706 status: local 0/10 remote 9/20
Dec 23 04:22:03 serverl qmail: 1198401723.035092 delivery 247944: failure: 195.4.92.17_does_not_like_recipient./Remote$
Dec 23 04:22:03 serverl qmail: 1198401723.035296 status: local 0/10 remote 8/20
Dec 23 04:22:03 serverl qmail-queue[21076]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Dec 23 04:22:03 serverl qmail-queue[21076]: scan: the message(drweb.tmp.fkOXLe) sent by #@[] to postmaster@cl-t061-160$
Dec 23 04:22:03 serverl qmail: 1198401723.192176 bounce msg 38163423 qp 21076
Dec 23 04:22:03 serverl qmail: 1198401723.192241 end msg 38163423
Dec 23 04:22:03 serverl qmail: 1198401723.193683 new msg 38163429
Dec 23 04:22:03 serverl qmail: 1198401723.193930 info msg 38163429: bytes 5878 from <#@[]> qp 21092 uid 2522
Dec 23 04:22:03 serverl qmail: 1198401723.220191 starting delivery 247947: msg 38163429 to local 9-postmaster@cl-t061-$
Dec 23 04:22:03 serverl qmail: 1198401723.220247 status: local 1/10 remote 8/20
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: starter: submitter[21118] with error code 100
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: mailsend: wait for submitter failed
Dec 23 04:22:03 serverl qmail-local-handlers[21111]: cannot reinject message to mail system
Dec 23 04:22:03 serverl qmail: 1198401723.270544 delivery 247947: failure: This_address_no_longer_accepts_mail./
Dec 23 04:22:03 serverl qmail: 1198401723.270720 status: local 0/10 remote 8/20
Dec 23 04:22:03 serverl qmail: 1198401723.270863 triple bounce: discarding bounce/38163429
Dec 23 04:22:03 serverl qmail: 1198401723.270906 end msg 38163429
Dec 23 04:22:03 serverl pop3d:
Dec 23 04:22:03 serverl qmail: 1198401723.821852 delivery 247946: failure: 195.4.92.17_does_not_like_recipient./Remote$
Dec 23 04:22:03 serverl qmail: 1198401723.821918 status: local 0/10 remote 7/20
Dec 23 04:22:03 serverl pop3d: IMAP connect from @ [71.107.192.162]INFO: LOGIN, user=support, ip=[71.107.192.162]
Dec 23 04:22:03 serverl qmail-queue[21226]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Dec 23 04:22:03 serverl qmail-queue[21226]: scan: the message(drweb.tmp.Ge7OVb) sent by #@[] to postmaster@cl-t061-160$
Dec 23 04:22:04 serverl qmail: 1198401724.007097 bounce msg 38163440 qp 21226
Dec 23 04:22:04 serverl qmail: 1198401724.007177 end msg 38163440
Dec 23 04:22:04 serverl qmail: 1198401724.008599 new msg 38163295
Dec 23 04:22:04 serverl qmail: 1198401724.008829 info msg 38163295: bytes 5837 from <#@[]> qp 21240 uid 2522
Dec 23 04:22:04 serverl qmail: 1198401724.042842 starting delivery 247948: msg 38163295 to local 9-postmaster@cl-t061-$
Dec 23 04:22:04 serverl qmail: 1198401724.042898 status: local 1/10 remote 7/20
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: starter: submitter[21262] with error code 100
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: mailsend: wait for submitter failed
Dec 23 04:22:04 serverl qmail-local-handlers[21255]: cannot reinject message to mail system
Dec 23 04:22:04 serverl qmail: 1198401724.089046 delivery 247948: failure: This_address_no_longer_accepts_mail./
Dec 23 04:22:04 serverl qmail: 1198401724.089108 status: local 0/10 remote 7/20

I tried to grep some more information agains UID but failed:
[root@serverl ~]# grep 2020 /etc/passwd
alias:x:2021:2020:Qmail User:/var/qmail/alias:/bin/false
qmaild:x:2020:2020:Qmail User:/var/qmail/:/bin/false
qmaill:x:2022:2020:Qmail User:/var/qmail/:/bin/false
qmailp:x:2023:2020:Qmail User:/var/qmail/:/bin/false
[root@serverl ~]# grep 2522/etc/passwd

[root@serverl ~]# grep 2522 /etc/passwd
qmails:x:2522:2520:Qmail User:/var/qmail/:/bin/false
psaftp:x:2524:2522:anonftp psa user:/:/bin/false

how can i catch this spammer domain name hosted on my server. Its CentOS Plesk 8 Server.

View 0 Replies View Related

Redirect Domain/user To User.domain ONLY IF Folder 'user' Doesn't Exist

May 7, 2007

I thought I knew enough about my .htaccess stuff to do this, but I can't seem to work it out. What I want to do is if a user visits domain.com/folder, we check to see if the folder exists. If so, show as normal (IE domain.com/support)

If a user visits domain.com/dynamicusername (dynamicusername is not a physical folder), redirect to dynamicusername.domain.com

View 3 Replies View Related

Plesk Automation :: Login As User From Admin / Actual Login As User Are Different

Jan 3, 2014

when I find the subscription from the admin side of PPA, if I select "Login as user" I've noticed that it is different from actually logging in as the user - for example - "add domain alias" is missing when I login as a customer - but not as an admin... I need my customers to add their own aliases and manage them - how do I add that feature to the client login side?

View 9 Replies View Related

User Nobody Using Too Much Cpu

Aug 13, 2008

use "nobody" is using 2much cpu on my server ... can someone explain me how is this possible ?

[url]

I already have checked

"Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)"

In tweak settings.

View 7 Replies View Related

No User At TOP - All Are Nobody

Aug 6, 2008

when I run top command I should see who user are running and I see only my root and no body

2840 mysql 15 0 181m 78m 4568 S 22 1.0 1102:41 mysqld
4078 nobody 16 0 37128 17m 3300 S 5 0.2 0:00.99 httpd
4032 nobody 15 0 37600 18m 3364 S 5 0.2 0:00.35 httpd
3541 nobody 17 0 38200 18m 3300 S 4 0.2 0:00.73 httpd
3598 nobody 16 0 41744 21m 3288 S 4 0.3 0:01.26 httpd
3738 nobody 15 0 39820 19m 3276 S 3 0.2 0:00.63 httpd
4052 nobody 15 0 38436 18m 3376 S 2 0.2 0:01.63 httpd
3428 nobody 15 0 37040 17m 3388 S 2 0.2 0:00.60 httpd
3806 nobody 17 0 38404 18m 3316 S 2 0.2 0:00.70 httpd
4036 nobody 15 0 38408 18m 3300 S 1 0.2 0:00.52 httpd
4072 nobody 15 0 44216 24m 3424 S 1 0.3 0:01.03 httpd
3402 nobody 15 0 38296 18m 3320 S 0 0.2 0:01.05 httpd
3437 nobody 15 0 41632 22m 3616 S 0 0.3 0:01.25 httpd
3505 nobody 15 0 37412 17m 3428 S 0 0.2 0:00.89 httpd
3523 nobody 15 0 41432 21m 3252 S 0 0.3 0:00.30 httpd
3542 nobody 15 0 42720 22m 3388 S 0 0.3 0:00.88 httpd
3581 nobody 15 0 37464 17m 3272 S 0 0.2 0:00.40 httpd
3602 nobody 15 0 38472 18m 3420 S 0 0.2 0:00.31 httpd
3643 nobody 15 0 37788 18m 3308 S 0 0.2 0:00.50 httpd
3644 nobody 15 0 35120 15m 3000 S 0 0.2 0:00.03 httpd
3645 nobody 15 0 41816 21m 3276 S 0 0.3 0:00.52 httpd
3647 nobody 15 0 42908 23m 3408 S 0 0.3 0:01.20 httpd
3723 nobody 15 0 36260 16m 3408 S 0 0.2 0:00.85 httpd
3805 nobody 15 0 37512 17m 3272 S 0 0.2 0:00.44 httpd
4046 nobody 15 0 39596 19m 3284 S 0 0.2 0:01.41 httpd
4567 root 15 0 2452 1224 796 R 0 0.0 0:01.04 top
7826 root 15 0 0 0 0 S 0 0.0 0:06.21 pdflush
10001 root 15 0 12920 8528 1292 S 0 0.1 0:18.65 lfd
1 root 16 0 2060 636 544 S 0 0.0 0:12.09 init
2 root RT 0 0 0 0 S 0 0.0 0:01.15 migration/0
3 root 34 19 0 0 0 S 0 0.0 0:00.14 ksoftirqd/0
4 root RT 0 0 0 0 S 0 0.0 0:00.00 watchdog/0
5 root RT 0 0 0 0 S 0 0.0 0:00.63 migration/1
6 root 34 19 0 0 0 S 0 0.0 0:00.09 ksoftirqd/1
7 root RT 0 0 0 0 S 0 0.0 0:00.00 watchdog/1
8 root RT 0 0 0 0 S 0 0.0 0:01.29 migration/2
9 root 34 19 0 0 0 S 0 0.0 0:00.18 ksoftirqd/2

----------------------
and I can't know who are runing in my server

View 10 Replies View Related

User To Use When Ssh

Dec 19, 2007

which user should i use when you doing work on the server? I've been login as root when i need to do work on the server (i know this is really bad.)

Should i create another user to ssh in and when i need to do crital stuff i will use su ?

What groupid should i set this user to?

View 14 Replies View Related

Best Multi User IP KVM

Jul 9, 2009

I am currently looking for a new IP KVM. Right now I use a mix of HP and Raritan KVMs and I'm honestly not super happy with either of them. The main feature I'm looking for is the ability to setup multiple users and only allow them to access certain ports/devices on the KVM.

What would be the best IP KVM to look at for this?

View 10 Replies View Related

FTP User Privs

Oct 8, 2009

I basically have a script that uses passthru when people login with FTP so it can connect users from multiple interfaces.

Thing is, it uses the default php.ini file so, to get this script to work I have to enable passthru in the default php.ini file, affecting all users with an account. I am currently running SuExec and can change the php.ini file each user uses from httpd.conf. But as far as I am aware the FTP user isn't in httpd.conf.

What user does FTP run under and how can I use a custom php.ini file just for the FTP daemon. Also, as a side note, what are the effects of passthru and can it be used for malicious intent if wanted?

View 0 Replies View Related

User Aliases

Jul 27, 2009

Is it possible to create user aliases on linux?

I have webmin and virtualmin running on my server, but it's set up to create usernames in the form name@domain.tld.

Is it possible to create an alias, say myname that points to myname@mydomain.tld, so that I am able to have certain users to login via SSH using a shorter name?

View 1 Replies View Related

Tunnel Ip For User

Jun 17, 2009

i want to create a vps for tunnel ip for some user that use socks proxy.

how can i do it ?

our os is Centos

View 2 Replies View Related

The Vps Is Locked By Another User

May 5, 2009

when I tried to reboot my VPS via Hypervm Enterprise I got this error:

===========
Alert: The vps myvps.vm is locked by another user. This would also be because you had interrupted an earlier activity that would take long time to complete. HyperVM has waited 15 seconds for the other process to finish. Please try after sometime.
===========

and memory usage going crazy it's going from 400MB "natural usage level" to 1024MB then the vps and all sites going down.

View 4 Replies View Related

How To See How Many Inodes For Every User

Jan 19, 2008

How to list how many inodes is using some user or all users for a Linix system?

View 4 Replies View Related

FTP With User Upload Only

Oct 20, 2008

how i can make an FTP account for my clients to upload files to
but when they upload a file they dont see it after. I want to just make 1 ftp user / pass to give to my clients but after uploading they dont see the file or any other files in the folder.

Maybe a way for the file to auto move to another folder after uploading?

View 8 Replies View Related

CentOS User

Dec 19, 2008

I have CentOS 5.1, and I can create a new user to be added to the wheel, however it will not let me login directly through SSH.

The only way I can login as that user is to su - from the root account. I have checked, and the user is added to the wheel, and it does recognize the password when I su -.

Does anyone know what could be causing this? Is there some mundane step I missed?

View 2 Replies View Related

Php.ini Per User Or Per Directory

Jun 12, 2008

I am running phpsuexec on the server and it seems all php.ini settings are being applied per directory, I would like to have them running per user.

View 6 Replies View Related

Tracking Down A User

Mar 22, 2007

A user is running something that eats up all the server memory very quickly. Looking at the access logs this is all I get:

XX.XX.XX.XX - - [22/Mar/2007:12:58:06 -0400] "GET /index2.php?option=com_rss&feed=RSS1.0&no_html=1 HTTP/1.1" 403 -
XX.XX.XX.XX- - [22/Mar/2007:12:58:47 -0400] "GET /index2.php?option=com_rss&feed=RSS1.0&no_html=1 HTTP/1.1" 403 -
XX.XX.XX.XX - - [22/Mar/2007:12:58:58 -0400] "GET /index2.php?option=com_rss&feed=RSS1.0&no_html=1 HTTP/1.1" 403 -

Now there are quite a few index2.php's located on my server so I can not figure out who is running this. When I run ps ax -o pid,user,rss,command|grep httpd
I get about 20-30 of these:
13808 nobody 17360 /usr/local/apache/bin/httpd -DSSL

how I can figure out where this script is being run from?

View 2 Replies View Related

Which User Group

Aug 27, 2007

I'm making an account for my friend, and I just want him to have access to /var/www/hishomedirectory/

I want him to be able to do anything in that directory (rename files, delete, copy, move, upload, etc..), but not able to use apt-get or play with settings. Not a superuser either.

View 3 Replies View Related

End User Offerings

Nov 27, 2007

I know it will cost more, but does anyone know of some VPS providers that offer end user support?

I`m looking for a managed service, with end-user options thrown in for free or as a paid addon.

Like I said, I appreciate it will cost more for such a service. I`ve searched through the "offers forums" and could only come up with shared reseller plans.

I would prefer a provider with nodes based in the northern States such the great lakes area, IL, or the north east.

View 1 Replies View Related

Retrieving My User Name!

Jan 26, 2007

how to find my user name for my ftp via SSH (not whm)! It that some one who was doing some work on my server decided that it would be funny if they changed my pass and username. I retrieved the pass but not the username.

View 4 Replies View Related

User Can`t Login To Ftp

Jun 6, 2007

User can`t login to ftp say user or password is incorrect i use of whm/cpanel

View 4 Replies View Related

User Nobody And 777 Directories

May 9, 2007

I have a couple of scripts on my server that require directories to be chmoded to 777.

This has let hackers upload code that is being used in phishing schemes to my server.

How can I prevent that? can I disable user nobody?

View 14 Replies View Related

Educating The End-user

Aug 22, 2007

do you have some information sources of e.g. white papers in order to educate the end-user i.e. non technical customer?

View 6 Replies View Related

Backing Up A All My CPanel User's

Dec 6, 2007

How do I backup all my cPanel users? Like there files, settings, emails, mysql, everything.

View 14 Replies View Related

Dreamhost Backups User!

Sep 10, 2008

Check this out... I was just diggin around in my Dreamhost panel and discovered something new that I've not even seen announced anywhere... Dreamhost is giving a BACKUPS user on each account, totally separately from the web user. You are allowed... well, I'll just copy / paste straight from the panel:

At DreamHost, you may only keep website-related content on your regular users. You do, however, get one user per account where anything legal may be stored; your Backups User.

This user cannot have any websites pointed to it, nor may you share files via it... it is only to be used as an off-site backup for your personal files.
As such, we keep no backups of files on this account. These are already supposed to be your backups... not your only copy!
(Of course, you should always keep your own copies of all data stored with us.. we make no guarantees!)

Every full DreamHost Hosting plan includes 50GB of backups space!
(Additional usage will be charged at the rate of 10 cents / GB a month: the best backup deal on the net!)

Pretty interesting... they didn't HAVE to do that, it's just another one of those things that they give in order to be even MORE awesome, evidently.

View 14 Replies View Related

Mapping User Paths

Nov 1, 2006

I'm not even sure I'm asking this in the right place, but here we go.

We are working on creating some load tests for our system and we need to figure out how a "normal" user navigates our system.

Is there software out there that will show use how a user navigates our system via reading the apache logs? Will awstats do the trick?

View 1 Replies View Related

Measure Bandwidth Per User?

Apr 28, 2008

For those who do shared hosting, how do you go about measuring bandwidth per user? I'm thinking going by log files, but what about stuff like ftp, mail, dns, etc? Is there an easier way?

View 9 Replies View Related

Windows 2008 User

May 25, 2009

I am trying to create a new windows 2008 administrator user.

Which is simple and i have done it but it seems it doesnt have the same permission as the standard administrator user.

how I can setup a new user with the same permission as the normal administrator user?

View 8 Replies View Related

User Process In Hypervm

May 18, 2009

How can see wich vps used more server resource in openvz/hypervm.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved