How I Can Stop Spammer From My Server
Jul 14, 2008How i can stop Spammer from my server?
my control panel is CPANEL !
what software i must install?
ADVERTISEMENT
My Server Seems To Be A Spammer
Apr 29, 2009I have recently been receiving reports from AOL's feedback loop that my server is sending out spam. I have checked the whole server, but cannot find anything strange.
There are some strange things with these feedback reports. I'll post a few lines below (i crossed out my domain with xxx):
Quote:
Received: from andersenreesel by holderem.xxx.biz with local (Exim 4.23)
Received: (qmail 64859 invoked by uid 24901)
Received: from janislanhami by xxx.biz with local (Exim 4.26)
Received: (qmail 43829 invoked by uid 147); 08 Apr 2009 21:22:39 -0000
Received: from raphaelpinkertone by standei.xxx.biz with local (Exim 4.23)
Received: from imanoldelphine by dispatched.xxx.biz with local (Exim 4.23)
Received: from conrado by hostic.xxx.biz with local (Exim 4.23)
The first issue i have is with the subdomains, like "dispatched", "standei", "hostic", etc. These subdomains do not exist on my system. Also, my server does not run the exim MTA.
Another issue i have is the "invoked by uid" statements with uid's 147 and 24901. These UID's do not exist on my system. The passwd file uid's go to around 110.
Apart from these strange things, the IP that is listed in the upper part of the headers:
Quote:
Received: from xxx.biz (xxx.biz [85.xxx.xxx.xxx])
The domain and IP address is correct there, which should indicate that the spam was sent from my system. Or wasn't it?
Keep Getting An Email Spammer On My Server
May 26, 2008Now first I will say I have NO idea how such spamming works, how a punk can get on my server and sent emails out.
I have had a team to look at it they also did something, but now it happens again for the 5th time, what can i do, are there any software or tools one can use like a antivirus to check the server and how can I avoid such sh..
Spammer On CPanel Server
Mar 31, 2008i have the following inside: /usr/local/apache/domlogs
worldlanguage.com-smtpbytes_log
deafper4mer.org-smtpbytes_log missingchildrenblog.com-smtpbytes_log worldlpgas.com-smtpbytes_log
deathball.net-smtpbytes_log missingkids.com-smtpbytes_log worldnet.att.net-smtpbytes_log
deberrym.freeserve.co.uk-smtpbytes_log mistressj.com-smtpbytes_log worldswithoutend.com-smtpbytes_log
djchass.com-smtpbytes_log ms9.hinet.net-smtpbytes_log zollnergarmisch.de-smtpbytes_log
djessentials.com-smtpbytes_log msa.hinet.net-smtpbytes_log zomtide.com-smtpbytes_log
djgavin.com-smtpbytes_log msn.com-smtpbytes_log zoominfo.com-smtpbytes_log
djlw.com-smtpbytes_log mtaconsulting.com-smtpbytes_log ztree.com-smtpbytes_log
djphear.com-smtpbytes_log mtco.com-smtpbytes_log zuneluv.com-smtpbytes_log
dkburnap.com-smtpbytes_log mtdemocrat.com-smtpbytes_log zwergenland-sterkrade.de-smtpbytes_log
dmans.com-smtpbytes_log mtu-net.ru-smtpbytes_log zyit.com-smtpbytes_log
dmatrans.com-smtpbytes_log mulberrycorner.com-smtpbytes_log zymico.com-smtpbytes_log
dmoz.org-smtpbytes_log multexinvestornetwork.com-smtpbytes_log zytor.com-smtpbytes_log
dncinc.com-smtpbytes_log multimedia.cl-smtpbytes_log zzangbbori.com-smtpbytes_log
dnpeters.com-smtpbytes_log mundosofa.com-smtpbytes_log
doble.com-smtpbytes_log murphyspage.com-smtpbytes_log
all this domains are NOT hosted on my server (there are a lot more of this entries.)
I has ben told that this domain namens are used while spaming.
Is there any way to idetify what acocunt has ben hacked and sends spaming via pop3 or apache.
I note a lot of pop3 connections fron russian, china vietnam and high cpu load this happens.
(nobody sernder has already ben dsable il WHM tweaks)
IIS SMTP Spammer
May 10, 2009to stop the IIS SMTP Spammers how you find the culprit spammers site I tried the smtp monitor but not avail.
View 10 Replies View RelatedChinese Spammer ...
Jun 24, 2008I host a vBulletin forum on a US server. I've been getting a lot of signups from one particular spammer, wanting to post about gold harvesting for WoW. I've blocked his IP's, however he keeps using proxies.
He constantly signs up under the name "Array"... Is there a way I can block him for good? I can't moderate user sign-ups, as I'm mostly away from my computer and can't moderate them all the time.
How To Catch This Spammer
May 16, 2007None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
[root@sm4 ~]# /root/qmHandle -m3261696
--------------
MESSAGE NUMBER 3261696
--------------
Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500
Received: from axicom.net (HELO User) (67.112.176.250)
by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500
Reply-To: <notice@boamilitary.com>
From: "Bank of America Military Bank"<notice@boamilitary.com>
Subject: Notification from Bank of America Military Bank
Date: Wed, 16 May 2007 04:44:51 -0700
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
<title>Military Bank Online and Bill Payer Deactivation</title>
<FONT face=Arial size=2> </FONT>
<DIV>
<p><font face="Arial" size="2" color="#FFFFFF"> ...<img border="0" src="http://power-web43.net/images/boa.bmp"></font></p>
<p><font face="Arial" size="2"> Dear
Member,</font></p>
<DIV><font face="Arial" size="2"> This is your official notification
from Bank of America Military Bank that the service(s) listed below<BR>
will be deactivated and deleted if not renewed immediately. Previous
notifications have<BR>
been sent to the Billing Contact assigned to this account. As
the Primary Contact, you<BR>
must renew the service(s) listed below or it will be deactivated
and deleted. <BR>
<BR>
<BR>
<b> <a target="_blank" href="http://moremail.epicalliance.com/america.php"><FONT color=#003399>Renew
Now</FONT></a> </b>your <b>Military Bank Online </b>and<b> Bill Payer </b>
services.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
SERVICE: <b>Military Bank Online </b>and<b> Bill Payer</b>.<BR>
EXPIRATION: <b>May, 18 2007</b></font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
Thank you for using Military Bank Online.
<br> We appreciate your business and the opportunity to serve you.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> Bank of America Military Bank
Member Service</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"><BR>
*****************************************************************************<BR>
IMPORTANT MEMBER SERVICE INFORMATION<BR>
*****************************************************************************</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> Please do not reply to this message.
For any inquiries, contact Member Service.</font></DIV>
<DIV><font face="Arial" size="2"> </font></DIV>
<DIV><font face="Arial" size="2"> <BR>
Copyright © 2007 Bank of America Corporation. All rights reserved.</font></DIV>
</DIV>
None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
Found The Spammer
Dec 31, 2007How can I found the spammer on our server?
one of our customer trying to send mail with a PHP file! but I cannot found this account, can you help me to found this user?
Hostmonster And Bluehost Spammer
Dec 26, 2008Hostmonster and Bluehost Spammer
What is the relationship between Hostmonster and Bluehost?
One spammer has a domain with an NS1.HOSTMONSTER.COM but their IP belongs to Bluehost.
How To Monitor Spammer Sactivity
May 26, 2007I just setup my own LAMP server.
It is only used for my own domains so I want to be able to watch all mail that gets sent from my server, via php or otherwise.
Basically I just want to be able to personally monitor what mail is getting sent from my server so that I can watch for possible spammer activity.
I am using postfix and webmin.. I have sendmail installed to, but I don't think it is getting used..
I guess theres got to be a log somwhere... but I am not sure where it is?
I have postfix set to CC me of all mail that gets sent but, it doesnt seem to work all the time.. just for certain things..
How Did This Forum Spammer (sagepowder) Do This
Jan 7, 2007I just found posts every a few days from an apparent spammer "sagepowder" in my forum (not so popular and has nothing to do with skiing). The subject is always "new here".
The content is "Any snowboarders or skiiers on this forum? I am planning a trip to BC on a snowboarding trip next week" or "I am new here, just saying hello".
I checked the apache log and it doesn't seem to be a robot script posting this. i.e. it browses to the index page, picked up my hidden field that blocks robots, post new topic, the go back to index page.
What surprised me is that when I google this guy, I got 108,000 results with the same content on tons of forums! All with total post number of 1 or 2 on each forum:
[url]
How did he do this? How to block this?
What Is This Email Spammer Trying To Accomplish
Sep 26, 2007I recently moved web services for one of my hosted domains (let's call it example.com) from one server (let's call it .org) to another server (let's call it .net) example.com has been on .org for about 5 years. .org handled all example.com web services, and all email. I recently updated example.com's DNS record to point www.example.com and example.com to the .net server. I didn't change the MX record or mail.example.com to point to .net. Mail continues to be delivered normally to example.com on the .org server.
Except now spammers are hitting the .net server, e.g.
Sep 26 09:26:03 host postfix/smtpd[15098]: NOQUEUE: reject: RCPT from unknown[12.171.150.130]: 554 5.7.1 <AutumnvagaryMontano@example.com>: Relay access denied; from=<> to=AutumnvagaryMontano@example.com proto=SMTP helo=<mdgen-print.marylandgeneral.org>
Is it normal practice for spammers to send dictionary attack based spam to a domain's server that doesn't even handle email? All the spam coming is clearly just random email addresses not based on anything that exsists at the domain, and most of the addresses are so very random I can't imagine they exsist anywhere.
Anyone Else Seeing WordPress Spammer DDOS
Jan 5, 2007For about a month or so now I have a domain I host under serious attack from what I think are spammers. It's a wordpress site, and they are getting big numbers of POST requests to the WordPress comments file, e.g.
Code:
POST /wp-comments-post.php HTTP/1.1
It's a well distributed attack, and I'm doing well with some scripts I wrote to block the requests to the wp-comments-post.php file. The real comment file has long since been moved, so any POST to the file gets firewalled. It's several thousand IPs from all over the place.
I don't believe it's a malicious attempt to bring the site down, but I'm guessing it's a blog comment spammer that has something set wrong and he's pounding this site to death by accident. I could be wrong on that though.
Anyone have any good defense scripts to share?
How We Can STOPED FOREVER To This Spammer
May 14, 2007in our case, HACKER no DELETE files...
He send Spam by POST to file.php
We have APACHE_suexec + PHP in SAFE_MODE=true;
Server is down 3 times in < of 24 hours by this motive.
In this moment We have more of 20.000 mails to send to Bellsouth and Yahoo...
We know this becouse we run
exim -bpr | exiqsumm -c | head
Count Volume Oldest Newest Domain
----- ------ ------ ------ ------
26797 66MB 7h 5m yahoo.com
3260 615KB 3h 3h bellsouth.net
1253 540KB 9h 2h webtv.net
1134 329KB 3h 2h excite.com
926 261KB 5h 3h optonline.net
226 258KB 3h 3h sbcglobal.net
----------------------------------------------
Wath we can do?
How we can stoped this mails?
How we can STOPED FOREVER to this spammer?
Server Don't Stop Crashing
Jan 10, 2007as many of you know, FreeBSD is a stable system... I have many other FreeBSD servers (with the same kernel as this one) that doesn't have problems but this server keeps rebooting once or twice a day (EVERY DAY)
it's just a reboot... something very very similar to someone pushing the reset button
1) messages, security, auth or dmesg has no entries just before the reset, so the kernel is not getting aware the server is rebooting
2) the server comes back after around 10 minutes (reboot time + fsck)
this is happening for long time, so I compiled a new kernel... and the problem didn't stop
I request the datacenter techs to replace hardwares and they told me everything was replaced: motherboard, CPU, memories... and yesterday also the power suply
so I have no other idea on what to do
in fact I have one... setting a nobreak in this server power suply for 2 or 3 days to see if the problem stops, but the datacenter didn't like this idea
Stop PHP Scripts Crashing Server
May 5, 2009I've recently had problems where customers will upload PHP scripts that seem to use alot of CPU. I've got PRM installed but when a PHP script uses a lot of CPU, it doesn't seem to kill the processes or do anything to stop it crashing the server. I've checked the logs of PRM and it does kill some processes that use a lot of CPU/RAM though...
The ideal solution would be for PRM or something else to stop people being able to access the script causing excessive CPU/RAM usage. Even suspending for the reason of using excessive CPU/RAM would be sufficient.
For those interested the OS is CentOS 5.3 with cPanel 11, Apache and the latest PHP 5. Average load is always between 0.50 - 1.90.
How To Stop Mail-server Abuse
Mar 30, 2009in the last 2 weeks has increased the spam mail to external users using our mail accounts.
So a user receives spam believing that it is sent from our sites.
I think the best method is to create a txt file in dns but I have many doubts about how to proceed.
Looking at one of the e-mail back to our mail server I see that emails are sent via outlook.
This is an example of the emails: ...
Ddos / DoS Attack, Won't Stop. Server Is Down
Jul 7, 2009My server was hit with flood recently, to the point where I was unable to log in via SSH. Running 'netstat' command showed I was getting flooded with thousands of http requests from China/Saudi Arabia/Korea. I installed APF firewall and added those countries to deny list.
Next day I was hit from Russia and Romania and some others. By reading some posts on this site, on top of APF, I have also installed Dos Deflate. It was working for couple of hours, but then it stopped working. I could not even log in via SSH. My provider told me that APF was using all of the "conntrack" connections. I have increased conntrack connections to 130,000 (I have 4 Gigs of RAM on my server). Is that possible? (I have about 300 IP ranges in my APF deny list).
Next day, I was got hit by different attack: there was 11 Mbps of malicious traffic on average sent to my server. My provider put me behind firewall to mitigate against that kind of attack.
Currently, I am both behind the hardware firewall and I have APF and Dos Deflate running. However my server is not accessible.
When I request, I can log in for couple of minutes, but then I get kicked out.
Server Crashing / Stop 0x00000050
Nov 18, 2008My server had been crashing for while with Blue Screen of Death (BSOD) and bug check error code as Stop 0x00000050 PAGE_FAULT_IN_NONPAGED_AREA.
It would literally stop by business till I reboot it again.
So I tried pull up all information I could get and fix this.
Here is what I found-
Possible causes:
A faulty driver recently installed
Faulty RAM
Antivirus
Corrupted NTFS file system
I checked the system logs and found errors related to NTFS. Well, my disk needed a chkdsk /r /f to fix this.
Ran it at the command prompt and since it required a reboot to fix on the system drive (C:), had to reboot. Came back successfully.
It has been 14 days and it has not recurred.
Server Crashing / Stop 0x00000050
Nov 18, 2008My server had been crashing for while with Blue Screen of Death (BSOD) and bug check error code as Stop 0x00000050 PAGE_FAULT_IN_NONPAGED_AREA.It would literally stop by business till I reboot it again.So I tried pull up all information I could get and fix this.
Here is what I found-Possible causes:A faulty driver recently installed
Faulty RAM
Antivirus
Corrupted NTFS file system
I checked the system logs and found errors related to NTFS. Well, my disk needed a chkdsk /r /f to fix this.Ran it at the command prompt and since it required a reboot to fix on the system drive (C, had to reboot. Came back successfully.It has been 14 days and it has not recurred.
How Do I Stop Attacks On Mail Server
Dec 6, 2008i am getting hundreds of theses in my mail log each day, trying different names etc and want to put a stop to them and auto ban the ips.
I have APF
Stop Your Server From Blocking Googlebot
May 21, 2008If your server is blocking googlebot from finding your robots.txt file, how do you configure your firewall to unblock it?
I've searched through Google and I've seen may people just say your firewall is blocking it, but none mention how to really stop it from doing that. Like does Google have an IP it uses, and if so, what is the IP you should whitelist for your server?
As I keep getting that message: Network unreachable: robots.txt unreachable
and I'm sure it's due to a firewall issue, just have no idea how to fix that.
How To Stop Further Attack And Further Compramisation Of Server
Jan 10, 2007Today my system which is hosting the site bepenfriends got compramised(win 2k3) and now LT tech guys are working on it to reload the system with a data save. I was not having a hardware firewall which caused this problem. But i had windows firewall, windows malinious software removal tool (defender i haven't installed). I have updated all patches of win2k3 whch was released till today.
Now after restore it will be great work to bring my website back with all those rewritten urls and the softwares and its licenses.
Now please help me out in below stuff.
How to stop further attack and further compramisation of server.
Plesk 12.x / Windows :: MailEnable Locate Spammer
Nov 5, 2014My System is a Windows Server 2012 r2 with Plesk 12.
On this system i have installed MailEnable as my Mailserver.
So at the moment something is spam on this server, but i can't find out who is it.
Received: from win02.XXXXXX([MY IP] helo=WIN02.home)
(envelope-from <root@XXXXXXXX>)
id 1XlyHP-00038b-R0
for x; Wed, 05 Nov 2014 11:57:37 +0100
[Code].....
The header is meaning that the spams come from root@, but there is no account with the name root@...
On linux it is so easy to find the spam with qmail or postfix. Why mailenable it is so difficult
Plesk 12.x / Linux :: Disable Php Mail For Spammer Clients?
Dec 9, 2014Sometimes my clients install untrusted scripts to their account what causes spamming, because these scripts sending high number of spam emails. Is there an automatically way to disable php mail function, or disable the account temporary?
[URL]
Services Stop Responding, But Server Responds To Ping
Nov 19, 2007I'm having a very odd problem with one of my Linux (CentOS) cpanel server, all the server's services (http, ssh, mail, dns, etc) stop responding but the server still responds to ping.
I can't find anything wrong at all on the log files either, and the technicians that manually restart the server have told me that there is no indication of a problem on the screen.
I suspected a hardware issue and had the data center techs run a hardware test on the server but everything cleared ok.
This issue started a couple of weeks ago, no major upgrade or install took place when it started happening. From what i can see the halts are completely random, some times it goes for days without it happening and some times it happens just hours after the reboots.