Deny Access To Exim For Free Trial Users

Jul 18, 2007

INTRODUCTION

As owner of a hosting provider company, I face the problem of abusive users almost every day. More than 90% of all abuse on my server comes from free trial accounts. I offer free trial access to my servers for people who want to try things out before they purchase a hosting package, but off course this attracts spammers. To prevent trial users from using my server for spamming purposes, I modified my exim.pl file to prevent trial users from accessing the Exim mail server.

Please note that this tutorial has been written for cPanel servers. If you want to use it on a server with a different control panel, you'll need to modify the cpgetpack.c source. If you do so, please share your work with the community by posting it in a reply here.

STEP ONE

First you’ll need to download, compile and install my cpgetpack.c application. Here’s how:

Code:
gcc cpgetpack.c -o cpgetpack
mv cpgetpack /usr/bin/
chown cpanel:cpanel /usr/bin/cpgetpack
chmod +s /usr/bin/cpgetpack
STEP TWO

Now open the /etc/exim.pl file in your favorite text editor (make a backup first) and look for the following inside the checkuserpass subroutine:

Code:
$trueowner =~ s////g;
$trueowner =~ s/..//g;
if (isdemo(${trueowner})) {
return('no');
}
Below, paste the following code:

Code:
my $name = getpwuid($uid);
open(UP, "cpgetpack $name|");
my $userplan = <UP>;
close(UP);chop($userplan);
if ($userplan eq "radix_FreeTrial") {
return "no";
}
You will have to replace the radix_FreeTrial string with the package you assign to your trial users. This will prevent trial users from authenticating which prevents them from sending mail remotely.

STEP THREE

Users are now still able to send mail locally (for example using the PHP mail() function), so here’s what to do next.

Find the checkdemo subroutine in the exim.pl file and replace the complete subroutine with:

Code:
sub democheck {
my $uid = Exim::expand_string('$originator_uid');
if (isdemo($uid)) { return 'yes'; }

my $name = getpwuid($uid);
open(UP, "cpgetpack $name|");
my $userplan = <UP>;
close(UP);

chop($userplan);

if ($userplan eq "radix_FreeTrial") {
return 'yes';
}

return 'no';
}
STEP FOUR

Now just restart Exim:

Code:
service exim restart
It might be a good idea to create a trial account and see if it’s working. Enjoy!

REFERENCE:

Original post: [url]
Best regards,
Josh Burt

View 0 Replies


ADVERTISEMENT

Which Hosts Provide Free Trial

Mar 4, 2009

I am looking to get hosting for site that I want to build. At the moment I am looking for shared hosting. Things that I need from the host are unlimited MySQL databases, Unlimited Domains/Sub-Domains, 5GB Disk Space and 10 GB Data transfer. My budget is about $10/month. I know hostgator provides 1 month for 1cent after coupon. I know hostgator oversells but their plans meet my requirements and from what I have read here they aren't too bad. Are there any other hosts that provide the first month for free or close to free, I would like to try out the hosting service for a month to see for myself how they are.

View 13 Replies View Related

How Deny All To Access Website

Apr 29, 2009

how can i deny all of ip instead 2 ip to access to some website?

because these are priv8 website and personal .

i thin that .htaccessis good.

can nany one creat it for me and ist good or use another method?

View 4 Replies View Related

How To Deny Access Via Www.mydomain.com/~mycpanelusername/

May 23, 2008

Is there a way to prevent accessing the website using the domain.com/~username/

Currently on most (all?) cpanel hosting plans it's possible to access the site via [rl].

Maybe there is something to prevent that as it could cause very serious duplicate content issues.

Moreover, I think it's a global bug that affects millions of hosting accounts. Yahoo, for example, many times indexes wrong URLs because of that... In many situations, if I knew your cpanel username, I could link to it instead of your domain to remove your site from search engines..

View 5 Replies View Related

IX Web Hosting - Possible Worst Host Ever? Deny Access To Your Files!

Nov 6, 2008

I signed up for hosting with IX Web Hosting in April of 2007. There have been two occasions that they provided the perfect example of Terrible Customer Service. So much so, my last pony ride with IX Web Hosting was my last. I decided to call it quits and move my account to Host Gator.

I keep my most important sites on a dedicated server at Servint.net. If you are interested in a dedicated server or VPS, I highly recommend Servint. You will not beat the level of service and professionalism this company offers. But that’s another post in itself.

The point is, I had some SEO tests I wanted to perform and I was looking for a hosting company that would allow me to host 10 different domains in the same account on different ip addresses. IX Web Hosting had the plan I was looking for. So in April of 2007, I signed up for a hosting account.

Overall, I was pretty satisfied with the server performance at IX Hosting. I experienced very little if any downtime from server issues. They don’t offer a standard cpanel interface like most web hosts. It appears to be a proprietary / in house control panel.

It was pretty straight forward and with a little time I was up to speed.

Then on June 5, 2008, I got the following email from a System Administrator at IX Web Hosting.
---------------------------
Hello,
My name is Anthony, and I am a system administrator at IXWebhosting. I’m here to ensure a reliable and fast hosting / e-mail environment. This is the reason why I ask you to get in touch with us.

We have received numerous complaints from third-parties about spam originating from your website. As you may know, spam is an on-going problem for all internet users, hence all companies have very strict rules against spam. I am here to ensure that neither you nor any other customer is facing any downsides which could be the result of these spam regulations.

We ask you to immediately cease and desist any such activities. If you are unaware of this activity, please contact me or any of my colleagues via this ticket, phone or live-chat so that we can find the reason for the spam activity together and fix the issue instead of the symptom. Viruses and things of that nature may be installed on your computer and will cause the spamming. We recommend that you run an anti-virus program. If you currently do not possess an anti-virus program, you may download a free version. Please just follow the link below to find Google’s best links for free anti-virus software:

google.com/search?q=free+anti-virus+software [url]

In order to ensure your hosting and mail environment is working flawlessly, we ask you to get in touch with us within the next 72 hours. I highly appreciate your time.
Best Regards,
Anthony Washington
System Administrator
IXWebhosting
-----------------------------------

They identified the domain as bestadtracking.com. This is a domain I own but have never promoted. Not only had I not sent spam through IX Web Hosting, I averaged less than 200 sent email a month on all the domains on my account. So on June 6, 2008 I responded to IX Web Hosting with the following two messages.
-----------------------------------
Hi Anthony,
I can assure you I am not sending spam from this domain or any others. I’m a little surprised that this domain is in question? I set it up over a year ago and haven’t ever promoted it. I don’t send any type of email over this domain. I have no reason to. It gets no traffic or inquiries.

Are you sure there isn’t some type of mistake? Otherwise, there are a couple of php style contact forms on that site. Could a hacker use that sort of thing to send spam? How can we track this down?
Thanks,
Brent Crouch
615-389-XXXX
-----------------------------------
Here is the second email I sent on the same day.
-----------------------------------
Hi Anthony,

I am using AVG on my computer and the scan completed finding no viruses. Besides that, I am using Outlook to manage the mail on several of my domains. I don’t even have a send account setup for bestadtracking.com on my computer. As I stated in the previous reply, I have no reason to since this domain is not promoted.
Can you give me the IP address of where the spam originates? I’d like to compare that to my IP address here at home and office.
Thanks,
Brent Crouch
-----------------------------------

I had no information to track the issue any further. The lack of response from IX Web Hosting left me to believe the issue had been resolved or there had been a mistake. Then 4 days later on June 10, 2008 I got this message.
-----------------------------------
Brent
We tried to reach you today in order to resolve this issue, but unfortunately it has been well over 72 hours since this ticket was placed. We must sadly suspend your services, please do not hesitate to call us at 1-800-385-0450 any time, day or night.
Best Regards
Ian
-----------------------------------
Amazing! They give me no information to solve this problem. On top of that, they don’t respond to my ticket in 4 days and because I didn’t answer the phone when they called they suspended not only the domain in question but every domain listed in my account.

I called in and spoke to a tech support guy who allowed me to remove the domain in question and in return, he restored my other domains. He also left a message to have the tech support manager call me the following day.

The manager I spoke to apologized for the way the ticket was handled and the lack of information that was given. He said he would follow up with the employees that were responsible for the ticket and make sure it never happened again. He was helpful in looking at the server logs and determining how someone had loaded a spam bot onto my site.

Apology accepted. Stuff happens. I considered it water under the bridge and not a big deal. Not so much…..

After my first run in with IX Web Hosting, I wrote the whole incident off as a fluke. The manager I spoke to seemed very sincere and assured me that wasn’t proper protocol and wouldn’t happen again. I was trucking right along until I got this email from them on October 26, 2008.
-----------------------------------
Dear Brent Crouch,
We have received notification of phishing material in your account. Phishing files are usually placed through some type of exploit of out dated code, weak file and folder permissions. Packaged shopping carts and photo galleries are usual sources as hackers find exploits and developers fix them almost daily, so unless you constantly update the software or completely secure it things like this can happen.

You must agree to remove this content and update any software that has resulted in security holes. To protect your account from further action you must agree to our request for compliance. Please respond to this message stating your intent to do so. You may either log into your control panel with us, and access this ticket via the 24/7 help desk, or provide this ticket number to our Live Chat or phone representatives. Failure to respond to this message within 72 hours will result in the suspension of the affected domain with us until such a time as this matter is resolved.
Michael
-----------------------------------
The email gave me no indication of which domain had been hacked. When I wrote to live help and gave them the ticket number, I spent 10 minutes waiting only to be told they didn’t know which of my domains had been effected. They recommended I reply to the online support ticket.

Here is the email I sent them in response on October 27, 2008.
-----------------------------------
I replied to live help and they could not find any information. So far you haven’t told me which domain is a problem.
Please give me the info I need to correct this problem and I’ll take care of it.
Brent Crouch
615-389-XXXX
-----------------------------------
Eight hours later, I was able to find the problem by viewing all the files on my domains and looking for the files that had been recently changed. It turned out my brentcrouch.com domain had been hacked and setup with all sorts of eBay and bank phising pages. The site operates on a Wordpress platform which is widely used and is a big target for hackers.
[url]
I wrote back to IX Web Hosting for a second time on October 27, 2008.
-----------------------------------
I found the problem on my brentcrouch.com domain. I updated the wordpress software to the latest and cleaned up the problem. The only exception is the brentcrouch.com/forum directory. I am unable to delete this directory as the hacker has removed my access. Please delete the directory.
Thanks,
Brent Crouch
-----------------------------------
The following day, here is the email I got back from IX Web Hosting.
-----------------------------------
Brent:
Thank you for your attention to this matter. Per your request we have removed:
/brentcrouch.com/forum - deleted
We will be closing this ticket at this time. If you have any questions please feel free to contact us. We will be happy to assist.

Please note that this is the second time this problem occurred. Unfortunately, I have to bring to your attention that as per our terms of service a third instance will result in immediate account termination without notice. No backups will be provided. If you have any questions about how to avoid this from happening again our support team will be glad to advise.

Respectfully
Frankie
Support Tech Representative
-----------------------------------
When I seen that response, I was pissed! I run my own server at Servint.net. I’ve hosting accounts at several other hosting companies. I’ve never had a site hacked except from IX Web Hosting.

In 4 months, I’ve had two sites hacked. In both instances, IX Hosting was zero help in locating the source of the problem. In the first incident, they didn’t even reply to my ticket for 4 days. In the latest incident, they couldn’t even tell me what domain was hacked.

Then they send me an email telling me if it happens again not only will they suspend my account, they’ll deny me access to my files! Huh?

That’s not a risk I’m willing to take. With the high costs of obtaining customer’s in this business, I’m a little surprised they don’t do a better job of trying to retain them. In my opinion, this policy is unacceptable and makes IX Web Hosting one of the worst hosts I’ve ever dealt with.

I just signed up for a hosting account with Host Gator and have already moved all my domains over. So far, so good.
What’s your experience with IX Web Hosting?

View 14 Replies View Related

Apache :: How To Deny Access To Specific File Using HTAccess

Jun 21, 2014

I would like to deny access to .log

View 1 Replies View Related

Apache :: Deny Direct Access To Images From Other Websites In HTAccess

Jan 28, 2013

I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it calls the image from my website.

I block their IP-s in .htaccess, but it is not the best way to stop them since IP change. Is there any way, similar to anti-hotlinking, to deny such direct access to my images by domain name i.e. to allow only from my website and deny from all others. Or something else that could work in my case with .htaccess.

View 8 Replies View Related

APF Deny Rules Still There Even If The Deny.hosts_rules File Is Empty

Feb 9, 2007

I edited the /etc/apf/deny.hosts_rules files, then removed all lines from the file and finally restarted apf so it can restart with no deny host listed. But that is not working... the file appears empty or again with the rules removed before.

iptables -L -n shows the same banned hosts as dropped.

I already tried.. remove the deny hosts IPs from the file, then ran "iptables -F", then "service iptables save", and finally restarted apf and the deny IPs still there

View 6 Replies View Related

Exim: Unable To Send Mail W/ New Users

Mar 11, 2008

I installed exim and have been able to successfully use it as an smtp server. My test setup was as follows:

email client uses smtp.MYSERVER.com, my login, and password

The email is successfully forwarded to the appropriate recipient. However, when I create a new user, and test it's email capabilities, it does not work. I get a 535 error:

535 Incorrect authentication data

I have double checked the login and password, and I've tried this on multiple accounts. Is there an issue with how I'm creating the users? (useradd)

View 3 Replies View Related

Block Users Sending Over Exim Limits

Mar 2, 2008

on whm/Cpanel I have set max emails per hour limit to 250 for the server, but when a user tries to send thousands of emails, the server still accepts them (they are placed in queue but not delivered) and load spikes.

I am wondering is there is a way for exim to reject those emails when the user attempts to do so.

View 1 Replies View Related

Free CGI Access

May 14, 2009

I am after a free webhosting site that will let me run cgi scripts... I have tried so many sites that are meant to support these scripts, but none of them work...

Does anyone know of a free site that will let me use cgi?

View 1 Replies View Related

Users With Root Access

May 22, 2008

How can view all users have root access in system?

View 6 Replies View Related

Some Users Can't Access My Sites

Jun 20, 2007

I have several users that can't access my sites, they are all from different areas of the world, most are on PC's with WinXP and one is on a MAC. I've had them do all the normal stuff..clean cookies, cache etc all with no luck.

I have a dual processor server running Red Hat 7.3 i686. I do have KISS firewall running.

If I stop the firewall, they can get in, but I can also bring it back up and then for several hours they can still connect, but at some point, they stop being able to.

I currently have no ip's blocked. See below:
BLOCK_LIST=" "
TCP_IN="20 21 25 53 80 110 143 443 995 2082:2083 2086:2087 2095:2096 3306 8443 10000 19638 22 26 37 43 873 993"
TCP_OUT="21 22 25 37 43 53 80 443 873 2089 55000"
UDP_IN="53"
UDP_OUT="53"
TCP_IN_TRUSTED="22"
TRUSTED_IPS="0.0.0.0/0"
SERVER_IPS="0.0.0.0/0"

Nothing that I know of changed, it just started about a week ago.

View 12 Replies View Related

How Do I Give Limited Access To Linux Users

Feb 24, 2008

I have taken over management of a bunch of a dedicated servers and have a question.

What are the commands on Linux (RedHat, RHL) for giving a User access rights to a directory(ies) only.

So that this user can FTP and Telnet to the server but will be able to:

1- only upload files to these directory(ies)

2- only delete files/dirs from these directory(ies)

3- only execute programs residing in these directory(ies)

View 3 Replies View Related

Free Hosting With Access To Cron Jobs?

Oct 25, 2008

I need a reliable, free host where I can run wget on a URL (less than 1k) every 10 minutes via a cron job.

Can anyone reccommend anything?

View 15 Replies View Related

Free SMTP Access For Email Forwarding?

Jul 24, 2006

I have a contact form using .php to forward the contents of the form to my email-ad, but turns out, that something i cant do with my free hosting plan.

i was wondering if anyone knew any services (free) that allow mail forwarding where i can host my .php script together with all associated files and simply link to them from my site?

that would be great! thanks!

(not sure where exactly this post belongs, but it's got something to do with my hosting so im posting it here. if any mods think it should be somewhere else, just move it to where you feel it is appropriate )

View 6 Replies View Related

Latest Linux Gives Untrusted Users Root Access

Nov 4, 2009

Quote:

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.

Read the complete article at The Register. New kernels are available for Redhat and CentOS (obviously), and likely others who may be affected.

View 8 Replies View Related

Sharing Full Group Access To 3 Sites/users

Apr 19, 2009

i have 3 sites/users that all need to be able to access each other with complete read/write/exec access

Site1 Site2 and Site3

what's the best way to do this without screwing up all the premissions and access to my currently active sites. I need advice from someone who is a pro at this and not just guessing at what premissions to set. I'm assume i need to create a MasterGrp and invite all 3 sites then set/change permissions on all three sites. Also all new files created would need to have the masterGrp set as the group automatically

View 4 Replies View Related

Plesk 12.x / Linux :: How To Give Users SFTP Access

Feb 16, 2015

My reseller have got one plan, where option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment).

This plan contains only one subscription in which I would like to permit users to use sftp. If I go in the subscription, and then I click on "Customize subscription", I can see option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment)...

=> So same than in the plan.

After that, when I click on subscription => WebSites and Domain => One domain => FTP Access and I choose a ftp user, I don't have any option to allow ssh access to the user.

View 4 Replies View Related

Plesk 12.x / Linux :: How To Give Users STFP Access

Jan 18, 2015

I'm using Plesk Panel 12 on Debian GNU/Linux 7.6 server. I created a ftp user in a subdomain (sub.domain.tld) of my domain (domain.tld).

In Tools and settings = Policy security, I allowed sftp and ftp connections. When I try to connect I get this message :

Code:
sftp my_user@domain.tld
Connection closed

In the password file I got :

Code:
my_user:x:10000:1003::/var/www/vhosts/domain.tld/sub.mydomain.tld/httpdocs:/bin/false

View 15 Replies View Related

Disable Shell Access :: Users Can Read Files For Other Websites

Sep 4, 2008

i have a Dedicated server and i installed firewall and i fixed all cpanel option and i disable shell access for all users and ......

but my users can upload shell hack files (Like:c99 ) then they can access to another website ,,,, they can`t Write ,,, they can Read files only

but there is a problem because the hacker will read the config files so my Database websites will hack soon

View 14 Replies View Related

Plesk 12.x / Linux :: Phpmyadmin - All Users (subscriptions) Has Access To All Databases

Sep 19, 2014

today we notice that all subscriptions on Plesk when we access phpmyadmin has access to all databases,it was a Plesk update that can be done this ?

I don't remember to update anything during this days to this happen.

View 1 Replies View Related

VPS Trial?

Dec 10, 2007

Does anyone know a webhost that permits potential customers the opportunity to test their VPS? I'm most concerned about the interface to the VPS -- will I have ssh/scp access to the VPS? Most VPS hosts seem to use other non-standard (ie. not ssh or scp) protocols for administering a VPS. I'm not sure if I would like them.

View 4 Replies View Related

Trial VPS

Jul 29, 2007

Anyone out there offer a free trial or a month free for signing up? I want to make sure it's for me before I sign up and spend the money.

View 4 Replies View Related

Plesk 11.x / Linux :: Give Non-admin Users Access To PHP (Additional Configuration Directives)

Oct 21, 2014

Is there any way to give a reseller or customer access to the php custom settings box labeled "Additional configuration directives" on the website & domains -> php settings button that an admin can see and alter? We have attempted to give resellers the "Common PHP settings management" and "Setup of potentially insecure web scripting options that override provider's policy" options, but it still does not show up to a reseller.

View 1 Replies View Related

Which Dedicated Hosts Offer 1 Month Trial

May 25, 2009

are there any that offers 1 month trial? I saw one that offered 3 month trial....

View 14 Replies View Related

Plesk 11.x / Windows :: Panel Don't Show Users Database In Tab Users

Sep 6, 2013

The upgrade has an error when manage the users database.

PRODUCT, VERSION, VERSION OF MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM

PROBLEM DESCRIPTION
In a costumer panel have a one database MSSQL, and assign to this DB 3 users, but the tab option "Users" don't work fot his costumer and show this error:

Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)

ACTUAL RESULT
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)

EXPECTED RESULT
Show users in the tab users for database.

View 2 Replies View Related

Preventing Users From Connecting To Other Users Database

Mar 25, 2009

On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.

I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved