Email Hijacking How Can We Stop It?

Oct 8, 2007

This is something that has been playing on my mind for a while now and this may be the place to create a plan.

How many of you are receiving emails advertising pills, viagra etc.?

And how many are receiving them from domains totally unrelated to the above, sometimes from even your own address??

Has anyone got any thoughts or ideas about how we can put a stop to this?


Stop Email Hijacking

Aug 28, 2007

My server/website is now hijacked and they use my server for sending spam.

Please help me to fix this error.

My server: CentOS, cPanel, lfd
My site: Joomla 1.0.13

lfd email:

HTML Code:
Time: Tue Aug 28 20:16:51 2007
Path: /home/longpt/public_html
Count: 101 emails sent

Sample of the first 10 emails:

2007-08-28 20:16:40 1IQ7UO-0006AJ-Mf <= nobody@hn.luatgiapham.com U=nobody P=local S=6263 T="Automated Security Notice"
2007-08-28 20:16:40 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006AC-Iy
2007-08-28 20:16:40 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006AL-Od
2007-08-28 20:16:40 1IQ7UO-0006Ae-ST <= nobody@hn.luatgiapham.com U=nobody P=local S=6263 T="Automated Security Notice"
2007-08-28 20:16:40 1IQ7UO-0006Ag-Uk <= nobody@hn.luatgiapham.com U=nobody P=local S=6261 T="Automated Security Notice"
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006Ae-ST
2007-08-28 20:16:41 1IQ7UP-0006Ak-1x <= <> R=1IQ7UO-00069O-06 U=mailnull P=local S=7333 T="Mail delivery failed: returning message to sender"
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006An-6F
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006At-B7
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006BB-Dv

Possible Scripts:

/home/longpt/public_html/configuration.php
/home/longpt/public_html/CHANGELOG.php
/home/longpt/public_html/configuration.php-dist

And I receive thousands of returned emails, but I don't send them.

Code:
This is the mail delivery agent at messagelabs.com.
I was not able to deliver your message to the following addresses.

<nolan1@mailbox.ulcc.ac.uk>:
128.86.238.34 does not like recipient.
Remote host said: 550 rejected

--- Below this line is a copy of the message.

Return-Path: <nobody@hn.luatgiapham.com>
X-VirusChecked: Checked
X-Env-Sender: nobody@hn.luatgiapham.com
X-Msg-Ref: server-13.tower-82.messagelabs.com!1188346634!60747442!1
X-StarScan-Version: 5.5.12.14.2; banners=-,-,-
X-Originating-IP: [203.162.168.24]
X-SpamInfo: filtered by Signaturing System
X-Spam-Flag: YES
X-SpamReason: Matched rules 111461236, 114223405
Subject: {Spam?} Automated Security Notice
Received: (qmail 19117 invoked from network); 29 Aug 2007 00:17:31 -0000
Received: from unknown (HELO hn.luatgiapham.com) (203.162.168.24)
by server-13.tower-82.messagelabs.com with AES256-SHA encrypted SMTP; 29 Aug 2007 00:17:31 -0000
Received: from nobody by hn.luatgiapham.com with local (Exim 4.63)
(envelope-from <nobody@hn.luatgiapham.com>)
id 1IQ8CZ-00071e-H1
for nolan1@mailbox.ulcc.ac.uk; Tue, 28 Aug 2007 21:02:19 +0000
To: nolan1@mailbox.ulcc.ac.uk
From: NatWest Bank <online.security@natwest.com>
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 8bit
Message-Id: <E1IQ8CZ-00071e-H1@hn.luatgiapham.com>
Date: Tue, 28 Aug 2007 21:02:19 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hn.luatgiapham.com
X-AntiAbuse: Original Domain - mailbox.ulcc.ac.uk
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - hn.luatgiapham.com
X-Source:
X-Source-Args:
X-Source-Dir:

<html><head>
<style><!--

body,td{font-family: verdana, helvetica, sans-serif; font-size: 12px; line-height: 1.5; color:#FFFFFF; text-decoration: none; }

a:link{color: #FFFFFF; text-decoration:none;}
a:visited{color: #FFFFFF; text-decoration:none;}
a:hover{color: #FFFFFF; text-decoration:underline;}


Stop My Email Being Seen As Spam By Hotmail Etc

Dec 25, 2007

I have a VPS and I am wondering if anyone knows any way in which to make it so that emails sent from the server are not seen as spam by hotmail and the likes.


Stop Spammers From Spoofing My Email Domain

May 4, 2007

Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (gibberish)@mydomain.com, which was annoying but not that constant.

I came online this morning to check my mail and had over 1200 e-mails, and all of them have "online@wellsfargo.com" as the "From:" address, but the message-ID has my domain name in it.

Quote:

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@host.mydomain.com>
Received: from nobody by host.mydomain.com with local (Exim 4.63)
(envelope-from <nobody@host.mydomain.com>)
id 1Hju9b-0002y3-TH
for lwilder1999@yahoo.com; Fri, 04 May 2007 05:32:43 -0400
To: lwilder1999@yahoo.com
Subject: Update Your Account Records
From: Wells Fargo Online <online@wellsfargo.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com>
Date: Fri, 04 May 2007 05:32:43 -0400

There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?


How To Stop Spammers From Using Your Domain/email To Send Out Spam?

May 15, 2008

I've been getting a lot of "Undeliverable" emails sent to my email address. On these messages, the spammer is using my email on the "From" part of the email...... So whenever he sends out spam, the person(s) getting spammed think it's from me..... And the thousands of Undeliverable email error messages are also sent to me.

Is there a way to stop this from Happening? ....... Besides changing my email address?


(error) IP Address Changed Amidst Session. Possible Session Hijacking

Oct 7, 2007

I have just got a reseller's VPS and my host installed HyperVM 2.0. When I log in it works, but then I get logged out and then get this error:

IP Address Changed Amidst Session. Possible Session Hijacking.

Then it takes my host admin time to fix it, and now they will not do anything, so I cannot now use it (log in). Not good. Is there something I can do?

All I can think is that it is my ISP IP (Dynamic IP Address) which keeps changing.


DNS Stop Resolving In VPS

May 1, 2009

My DNS stops resolving; once a day I need to restart the service in cPanel/WHM. What can be done to prevent that?

It's a fresh VPS; only cPanel is there, and 2 domains with no pages, just a simple under construction index page. In CSF I have a "Your Score: 106/112" in security; it is firewalled and hardened.

Right now it is using 299 of RAM out of 512, burstable to 768.


How To Stop Spammers?

Jun 30, 2008

I was wondering if anyone has any methods to stop spammers? Currently I am keeping watch on the mail queue and making sure there is nothing unusual. I have the WHM configuration set up to not allow more than 200 mail messages per account per hour, but for some reason it will hit thousands. WHMCS does seem to suspend them automatically, or maybe it's because of WHM, BUT only when it's too late.

Any thoughts or suggestions?


How To Stop Spammers ...?

Jun 2, 2009

Have a persistent spammer who keeps emailing my clients, even non-existent domain accounts, and getting the bounced emails to be sent to a particular Yahoo address. I tried to block him in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?


C99Shell How To Stop

Nov 5, 2009

How to stop scripts like c99 shell from being installed on the server?


How To Stop Gunzip -c

Jul 1, 2009

How to stop gunzip -c?

By mistake, instead of using gunzip filename on my friend's VPS, I used gunzip -c filename

and it's taking a hell of a lot of time to unzip it. I have no clue how to stop this, and I am scared that if I close the SSH client, it might still be adding load to the server.

I am unzipping a 4.5 MB file, which on decompression must be around 14.5 MB.

For the past 10 mins it's still unzipping, and I'm not sure how long it will go on unless I stop it.


Stop Hacking

Feb 6, 2009

A site I manage for a client is being hacked every couple of days. It's not the actual site but the host's server that's getting attacked: all sites on that server, well, actually all their servers.

They have made no attempt to sort this problem. I report it, they look at the site and say "site loads fine for us", which it does.

All index files are having a base64-encoded line written after the <body> tag; this adds hundreds of spam links, which are hidden with display:none. They also add .html to the application types in .htaccess so that PHP runs in these files too.

Problem is, I am moving the site to another host but cannot change the nameservers to the new host's until the client returns from a holiday, so I must keep the site up on the insecure host for now.

I am removing the spam code almost daily. Is there any way I can stop this attack happening for the time being? The host does nothing.


How Stop Spam

Apr 17, 2009

I have a server that is sending spam, but I cannot tell who sent it because the server does not have suPHP installed.

Is there another option to see who sends spam?


Stop Hotlinking

Jul 19, 2009

Is there a way to stop hotlinking? I have a client who has a blog. They have posted pics of tattoos. Now there are at least 50 tattoo forums, blogs and other sites hotlinking to the pics. Now his bandwidth usage has skyrocketed. So I enabled hotlink protection in his cPanel. I just did a redirect to my main hosting site with a nice "please stop hotlinking" image. Now I see all this in my logs. So I then made a 150 x 9000 clear BG gif with the text at the top "please stop hotlinking".

My question is: is there any way to stop it? If not, should I just make a 1x1 clear gif to redirect to? Also, is there a way to not have this traffic show in my log files?


I Want To Stop Emailing Myself

Dec 25, 2008

I want to stop emailing myself

I have received quite a few emails from senders claiming to be the recipients [in this case one of my email accounts]. I did not send these emails. This is happening with almost every email account I have setup on one of my domains.

I know this is probably an easy fix-- I am simply unsure of what it is.

I noted that someone else recently posted a similar question-- with only one response. I wanted to see if another post may garner another response.


Stop Bots

Nov 14, 2008

I would like to ask about the best system or software code used to stop bots and offline downloaders from entering a website.


How To Stop Iptables

May 4, 2008

How to stop iptables? When any user refreshes, he gets banned from the server.

I need to stop iptables, or to know how to make rules for it.


Awstat Stop

Jun 14, 2008

I already enabled awstat in the WHM feature manager.

And it was working till 3 Jan 2008!

But the statistics don't update now!


Too Much Traffic, How To Stop It?

May 4, 2007

I've a VPS with iptables, but I've too much traffic (RX); there are too many packets received from random ports on both UDP and TCP. Today, in just 14 hours, I've had 2.8 GiB of traffic, without any connections for web, email, etc. (I've stopped all the services). How can I stop this? It's going to burn all my monthly traffic.


Stop Supporting Php.ini

Jun 15, 2007

I want to stop supporting php.ini files in clients' accounts, because they can turn off safe mode or any functions and options, and they can hack the server! How can I stop supporting these files?


What's The Best Way To Stop Spam

Oct 19, 2007

For my site email address I get like 500 emails a day.

Is SpamAssassin really the only method?


How To Stop Spammers

Apr 30, 2007

I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue:

Quote:

1HiU0X-0006Y3-O6-H
mailnull 47 12
<>
1177932329 0
-ident mailnull
-received_protocol local
-body_linecount 78
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1177932333
-localerror
XX
1
vrroark@freemail.ru

144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)
    id 1HiU0X-0006Y3-O6
    for vrroark@freemail.ru; Mon, 30 Apr 2007 12:25:06 +0100
045 X-Failed-Recipients: download@host.zaggs.com
029 Auto-Submitted: auto-replied
058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>
024T To: vrroark@freemail.ru
059 Subject: Mail delivery failed: returning message to sender
047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>
038 Date: Mon, 30 Apr 2007 12:25:06 +0100

1HiU0X-0006Y3-O6-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  download@host.zaggs.com
    (generated from abraham@keysupplier.com)
    retry timeout exceeded

------ This is a copy of the message, including all the headers. ------

Return-path: <vrroark@freemail.ru>
Received: from [220.157.245.77] (port=3648 helo=localhost.localdomain)
    by host.zaggs.com with smtp (Exim 4.63)
    (envelope-from <vrroark@freemail.ru>)
    id 1HiU0X-0006Xu-7r
    for abraham@keysupplier.com; Mon, 30 Apr 2007 12:25:06 +0100
Message-ID: <10fb01c78b19$683b6042$8bc8505a@freemail.ru>
From: Noticeable <vrroark@freemail.ru>
To: abraham@keysupplier.com
Subject: I am 79 years young!
Date: Mon, 30 Apr 2007 14:19:48 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

This is a multi-part message in MIME format.

------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

A few words about HGH Life
I have been taking HGH Life for five weeks and there is a noticeable improvement
in me overall. Waking up without muscular pain is the most obvious! When
I run out, I shall be ordering as much as my pension will allow. I am in
England and am 79 years young!
Order HGH Life online

------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR">
</HEAD>
<BODY text=3D#000000 bgColor=3D#ffffff>
<font size=3D"3" face=3D"Times New Roman">
<p align=3D"center"><font =
face=3D"Arial" color=3D"#009900" size=3D"5"><strong>A few =
words about HGH Life™</strong></font></p>
<p align=3D"center"><font face=3D"Arial">I have been taking HGH =
Life™ <strong>for five weeks </strong>and there is a noticeable =
improvement in me overall. Waking up without muscular pain is the most =
obvious!
When I run out, I shall be ordering as much as my pension will =
allow. I am in England and am <strong>79 years =
young</strong>!"</font></p>
<p align=3D"center"><a href=3D"http://worldwdefull.com"><strong><font =
face=3D"Arial" color=3D"#ff6600" size=3D"4">Order HGH Life™ =
online</font></strong></a></p></font></BODY></HTML>
------=_NextPart_000_0000_9E7D5C31.01A57A34--

I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that.

How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.


How Stop Spam From Nobody

Aug 13, 2007

I have a server, and on the server there are 150 websites and more.

Someone uploaded a mailer and sent spam to online banking.

I want to know where this mailer is on the server, because my server is on nobody.

I stopped sending from nobody in Tweak Settings until I know which account sent that, and all the messages are in Mail Queue Manager.

What is the solution?

Is there any script or method to find that out?


How To Stop Using WHM/Cpanel

Apr 17, 2007

I have my own server which I use for my own websites.

I use the following features of WHM -

Creating accounts
Deleting accounts
Creating "packages" for my accounts
Restarting services
...and possibly one or two other items once or twice a year.

I use the following features in Cpanel -

Checking statistics
Adding e-mail accounts
...and possibly one or two other items once or twice a year.

I'd like to break the (small) WHM/Cpanel habit I have and do all of the above via the command line.

Is this a big task?

Where should I start?


SYN Flood .. No Way To Stop It ?

Oct 30, 2007

One of the servers has 1 account on it, but it seems like it's being extremely attacked. I cannot SSH in and there is a lot of packet loss, so I asked SoftLayer; they accessed it and said it's a SYN flood, going by /var/log/messages (I cannot see it, as the server is not accessible). They put the main public IP under Cisco Guard, but that still didn't help. When I asked for any solution, unfortunately I was told there isn't one and I have to wait for the attackers to stop, as it comes from MANY addresses, so even iptables won't help.

Isn't there any solution (software or hardware) to stop that?








Copyrights 2005-15 www.BigResource.com, All rights reserved