i have set email for some domain to catch all setting. After some time i have a lot of bounce, redirect and rected email to address. How come my email accounts are hijacked and what to do to prevent such things in case of catch all setting.
Here it is noteworthy catcth all used to attract a lot of spam.
I keep having certain domains being hijacked and mass emails being sent from them somehow. I've disabled mail within domain control panel for each domain and issue keeps occurring. I've limited # of emails as well to 2-5 per hour but now so many are trying to be sent from my server it is clogging up mail queue and I have to log into server via ssh and run postsuper -d ALL every day or two. It is very frustrating. The only way I can stop it is to disable domain in plesk panel but that is not an option.
What can I do to find the cause of this issue and stop it?
I found out that there were some hidden iframe tags injected on my website. So I grepped and cleaned all html files. Am I supposed to change my ssh/sftp password as well? Is there anything else I'm supposed to do?
View 3 Replies View RelatedMy hosting provider has told me that my server has been "fully rooted" and the only way to fix it is a reinstallation from scratch. That is very frightening to me because it will take a lot of time to set-up again and this will cause major downtime.
Is there no other way to resolve the issue without reinstallation?
--------------- Quote from hosting provider ---------------
">> Does this mean that my passwords do not need to be changed?
Server is fully rooted, and will need to be reinstalled. Leaving the server online is a very, very serious risk for you. Let me show you some of the powers the hax0rs have at this time from their upload/hax0r script.
Php Safe-Mode Bypass (Read Files)
File:
eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):
Dir:
eg: /etc/
Search
- regexp
Upload
[ Read-Only ]
Make Dir
[ Read-Only ]
Make File
[ Read-Only ]
Go Dir
Go File
--[ x2300 Locus7Shell v. 1.0a beta Modded by #!physx^ | LOCUS7S | Generation time: 0.0396 ]-- "
Is it possible that someone on the same network as my server (shared hosted, freebds) could somehow cause my traffic to be diverted to a new url after visitors landed on my website?
I assume this person has access to my home PC also and is reading what I type here etc. Has the ability to allow domains and IP's and divert others on my server, IS in the position to know who to allow and deny (my affiliates, customers etc IP's are recorded etc)
IF this was possible, how would I be able to catch this person out?
Where would I look for evidence of this and what am I looking for?
I don't manage my DNS and asking my server host (my suspect hosts with them too) gets a reply like: I don't understand what your asking? Do you need webaliser stats?
How would someone be able to do what I'm guessing is happening: That people can land on my site.. however, this guy can than redirect them to his own paying page. If I set a link here to my site..he'd soon add its domain to "allowed" etc etc.
I'm thinking I need access to server access to my dns, login info and Last Modified details on those file. I don't have these. I don't know what I'd be looking at if I had them.. and my server tech hasn't offered to look at such things.
My interest is more than intellectual.
Until last weekend my 2 1/;2 year project that has grown in sales volume beyond my expectations. I had had no contact with this person for 8 months and in that time sales where consistent. I Had changed all accesses, IP etc etc. I used to host with him. Then moved hosts since I didn't trust him (same problem back then - sales fell to nothing but traffic grew) moved to my current host.. not long after find HE is now on that host too.. now after I have contact from him again, sales have gone flat without any explanation, even though traffic has increased! 1:300 has become 1:10000 and I have checked everything site side (I'm a webmaster for over 10 years)
I'll be ruined very shortly and I don't know what to do.
I've been handling the design and updates for a local private school for a few years now. They use HostOnce for hosting. Over 2 weeks ago I noticed that when I try to bring the site up in a browser I get a login prompt - [url]. I've submitted several help desk tickets to HostOnce with no response. Since school is starting, I recommended the school change hosting providers. So they bought hosting with GoDaddy who I also use. But now I need to transfer the domain name and I can't get a response from HostOnce. I send an email requesting that they initiate the domain transfer to GoDaddy every day with no response.
Besides a few email addresses and the help desk, there doesn't seem to be any way I can get in touch with anyone at HostOnce. What options do I have left? The school is currently stuck with a site that can't be accessed. The company seems to be in Australia but I've read the phone number listed for them does not work. I'm looking for a US phone number or something.
I have been with HostNine for almost a year now and have had reasonably decent service, until now.
They recently suspended one of my client's accounts. Understandable, the account had some very old PHP files on them. Let me preface this by stating that I am very sympathetic to hosts who have to deal with problem clients who have sites that slow down shared servers for everyone else on them.
I have tried my hardest to work with HostNine to get these files back and ensure that this account is not a problem on their server. I have never once asked for them to restore the account "as is", all have I have asked is that they backup the files and the database for me (I would do it myself, but they locked me out of the account), so that I can investigate the problem and do testing to ensure that it doesn't cause them problems again.
All in all, getting anyone to co-operate has been unsuccessful. Getting a hold of them has been a hassle (from the time I e-mailed them about the issue to the time I received my first response was a span of over 6 hours). Getting them to co-operate has been impossible. Their "Support Manager", Alex, in broken English has told me next to nothing, aside to accuse me of trying to "get around this" and that I would need to move the account to one of their dedicated plans. I have asked that the account simply be backed up, but have not received any response so far, as time ticks away and the client whose account this was becomes more and more frustrated as their files are effectively being "held hostage".
My last complaint is that they never notified myself, nor the client that they had suspended the account.
Has anyone else had problems with trying to get their files back after a host has locked you out of your account? What are my options? Does the hosting company technically "own" the files, simply because they are being hosted on their server?
I just googeling about the things come to know about the pop3 gateway (catch all). I want to know that what it is meant for and how to add it in my lx admin control panel account.
View 4 Replies View RelatedI have someone on my server who likes to send spam emails. How would I go about catching this person?
View 13 Replies View RelatedI have many domains on my mail servers using catch-all accounts. Due to this they receive a large number of spam and also the mail queue is always high. As a result, I have been thinking of disabling the catch-all account entirely on all the mail servers. I am however, not sure whether to do it or not. Are there any other companies which have disabled the catch-all facility in their mail servers? Shall I proceed towards disabling the catch-all facility?
View 6 Replies View RelatedNone of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
[root@sm4 ~]# /root/qmHandle -m3261696
--------------
MESSAGE NUMBER 3261696
--------------
Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500
Received: from axicom.net (HELO User) (67.112.176.250)
by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500
Reply-To: <notice@boamilitary.com>
From: "Bank of America Military Bank"<notice@boamilitary.com>
Subject: Notification from Bank of America Military Bank
Date: Wed, 16 May 2007 04:44:51 -0700
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
<title>Military Bank Online and Bill Payer Deactivation</title>
<FONT face=Arial size=2> </FONT>
<DIV>
<p><font face="Arial" size="2" color="#FFFFFF"> ...<img border="0" src="http://power-web43.net/images/boa.bmp"></font></p>
<p><font face="Arial" size="2"> Dear
Member,</font></p>
<DIV><font face="Arial" size="2"> This is your official notification
from Bank of America Military Bank that the service(s) listed below<BR>
will be deactivated and deleted if not renewed immediately. Previous
notifications have<BR>
been sent to the Billing Contact assigned to this account. As
the Primary Contact, you<BR>
must renew the service(s) listed below or it will be deactivated
and deleted. <BR>
<BR>
<BR>
<b> <a target="_blank" href="http://moremail.epicalliance.com/america.php"><FONT color=#003399>Renew
Now</FONT></a> </b>your <b>Military Bank Online </b>and<b> Bill Payer </b>
services.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
SERVICE: <b>Military Bank Online </b>and<b> Bill Payer</b>.<BR>
EXPIRATION: <b>May, 18 2007</b></font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
Thank you for using Military Bank Online.
<br> We appreciate your business and the opportunity to serve you.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> Bank of America Military Bank
Member Service</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
*****************************************************************************<BR>
IMPORTANT MEMBER SERVICE INFORMATION<BR>
*****************************************************************************</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> Please do not reply to this message.
For any inquiries, contact Member Service.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> <BR>
Copyright © 2007 Bank of America Corporation. All rights reserved.</font></DIV>
</DIV>
None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
Going through [url] Installing_Moodle I came to see the thumb rule of 1GB RAM for 50 concurrent users. While I do not think it is mentioned for VPS, it may imply around 15 concurrent users for 256 MB RAM. A cheap shared hosting can handle that easily without moodle chat. I have heard that VPS is more powerful than typical shared hosting. But, if it is only powerful for the root access but not for handling larger users then it looks like a dilemma situation.
View 5 Replies View RelatedI am failed to catch this spammer, please help me to find out the source. There is no such domain on my server. User is using localhost in smtp, I am using mail enable standard on my server ....
View 2 Replies View RelatedMy client currently have news website that gets around 2.5 million average hits (number of requests) per day. Currently the site is hosted on single enterprise class server in a local data center (in Asia). Some days with breaking news the traffic peaks up and the website become unresponsive for several hours. 60% of the traffic is local and the other 40% is mostly from US and Europe.
My client is on a best available server on his local IDC and the IDC doesn't have anything further to offer, hardware or technology wise. In the same time client doesn't want to drop the local IDC as the 60% of his traffic is local.
What are my options?
1. I'm looking for a multi processor server with 8GB ram/10K 2X400GB SAS HDD's. In general, do I really need this type of server to serve 1 million hits?
2. What type of providers that you recommend for the above requirement?
3. I mainly need to route the US/Europe traffic to a US server or at least blindly route 50% of the traffic to a US server. How do I do this?
-- 3.a. Can this be done with software load balancing or something like Round Robin world work? Or how do we do this?
-- 3.b. What type server Admin's or management providers who can help clients with similar service (see 3.a)?
-- 3.c. Does Cloaking type of thing helps?
how good is adding SPF to a host with catch-all emails in preventing spams. Web hosts suggest to turn off the catch-all emails. But what if there is need to turn catch-all emails, then does SPF record do a good job in preventing hacker from sending out emails that appear to originate our web host?
View 3 Replies View Relatedi have a vps but there is too much process called mailnull
after that the data centre closed my server for being sent spam
so how i can catch the user sending spam with mailnull?
URL....I trying to solve the problem fixing the psa.Parameters table, however i cannot find the relation between id on Parameters table and domains table.
View 2 Replies View RelatedI have several domains configured in my Plesk, and one of them is set as the "Detault site" under Home >> Tools & Setings > IP address management.This has the unpleasant side effect that any domain I point to this IP renders content from the Default site unless it's setup. How can I configure the default site to render content from only one domain?
View 1 Replies View Relatedexisting account have enabled catch all account automatically & i don't know how?
Main >> Server Configuration >> Tweak Settings
Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
currently it is tick marked on fail
And forwarders has been set to e.g jeetu@jeetu.info to domain automatically & also i don't how?
when i try to delete this forwarder its shown deleted successfully
Code:
Email Forwarding Maintenance
jeetu@jeetu.info's mail will no longer be redirected to jeetu.
then again i checked forwarder & found that forwarder is not deleted why?
what could be the problem?
due to this our clients are facing out of disk space running problem & they are not able to get future emails
1. now i want to disable catch all account for all existing accounts at one go
2. also i want to terminate forwarders for all existing users at one go
Let me know how to do this
Check attachment for further reference
I'm having difficulty sending an email to another email address (with a different domain) which is on the same VPS.The trouble is, on the other domain's VPS control panel, within the DNS settings, the MX records have been pointed externally (to an exchange server). Their email is turned off. But bizarrely, their mailbox is full.
It seems as though Plesk is ignoring the MX records, and sending MY email internally to the OTHER domain's mailbox on the same VPS.How do I get Plesk to send my mail to the correct EXTERNAL MX records?
I had a email address I deleted on my server (postfix on Debian 4), but to my surprise the server still recieves email for the address!
(I have manually tried sending a email to the address and it comes througt).
I have deleted the address from the /etc/postfix/virtual file and restarted postfix.
What could I have forgotten?
One of my customers asked me if is possible technically to offer free email services.
Since he's going to launch a big portal he want to offer such things later, for all users.
Now, there are problems as:
a) if there is any possibility to compress emails similar with GMAIL or YahooMail or so, because i can't imagine the email is uncompressed
b) how can be handled email boxes over multiple (mail ?) servers if the HDD space needed would be larger than for one server HDD ?
I am having an email issue and I can not resolve. I am hoping for some assisstance here.
One of my local clients are not able to email each other in their office. (About 10 employess I believe)
They are using Outlook mail client, and using ISP's SMTP server. They are able to send/recieve email to other users externally, but not intenally.
Using webmail works perfectly fine.
I spoke with my host and the said everything is working fine. I checked with the ISP to see if they are blocking the IP address on the SMTP server. They said they were not.
I have a personal account on the same server and tried to send email to another local email account, and it did not work either. Tried to send email to my clients email and they did not recieve anything.
I am on the same ISP as my client, so Im still not sure if its the ISP or not.
I setup mail piping with Exim so that e-mails sent to a specific account be forwarded to my PHP script. It's not working properly, because when I send a mail to this account, it's bounced by the mailer daemon:
Code:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
pipe to |/home/user/public_html/support/parse.php
generated by support@mydomain.com
local delivery failed
In my /etc/valiases/domain.com file I have:
Code:
support@mydomain.com: "|/home/user/public_html/support/parse.php"
*: :blackhole:
What can be causing the error?