How To Catch Localhost Spammers
I am failed to catch this spammer, please help me to find out the source. There is no such domain on my server. User is using localhost in smtp, I am using mail enable standard on my server ....
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
Pop3 (catch All)
I just googeling about the things come to know about the pop3 gateway (catch all). I want to know that what it is meant for and how to add it in my lx admin control panel account.
View Replies!
View Related
Catch-all Account
I have many domains on my mail servers using catch-all accounts. Due to this they receive a large number of spam and also the mail queue is always high. As a result, I have been thinking of disabling the catch-all account entirely on all the mail servers. I am however, not sure whether to do it or not. Are there any other companies which have disabled the catch-all facility in their mail servers? Shall I proceed towards disabling the catch-all facility?
View Replies!
View Related
How To Catch This Spammer
None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user. how to catch this spammer. There are no clues of to catch him. [root@sm4 ~]# /root/qmHandle -m3261696 -------------- MESSAGE NUMBER 3261696 -------------- Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500 Received: from axicom.net (HELO User) (67.112.176.250) by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500 Reply-To: <notice@boamilitary.com> From: "Bank of America Military Bank"<notice@boamilitary.com> Subject: Notification from Bank of America Military Bank Date: Wed, 16 May 2007 04:44:51 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 <title>Military Bank Online and Bill Payer Deactivation</title> <FONT face=Arial size=2> </FONT> <DIV> <p><font face="Arial" size="2" color="#FFFFFF"> ...<img border="0" src="http://power-web43.net/images/boa.bmp"></font></p> <p><font face="Arial" size="2"> Dear Member,</font></p> <DIV><font face="Arial" size="2"> This is your official notification from Bank of America Military Bank that the service(s) listed below<BR> will be deactivated and deleted if not renewed immediately. Previous notifications have<BR> been sent to the Billing Contact assigned to this account. As the Primary Contact, you<BR> must renew the service(s) listed below or it will be deactivated and deleted. <BR> <BR> <BR> <b> <a target="_blank" href="http://moremail.epicalliance.com/america.php"><FONT color=#003399>Renew Now</FONT></a> </b>your <b>Military Bank Online </b>and<b> Bill Payer </b> services.</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"><BR> SERVICE: <b>Military Bank Online </b>and<b> Bill Payer</b>.<BR> EXPIRATION: <b>May, 18 2007</b></font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"><BR> Thank you for using Military Bank Online. <br> We appreciate your business and the opportunity to serve you.</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"> Bank of America Military Bank Member Service</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"><BR> *****************************************************************************<BR> IMPORTANT MEMBER SERVICE INFORMATION<BR> *****************************************************************************</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"> Please do not reply to this message. For any inquiries, contact Member Service.</font></DIV> <DIV><font face="Arial" size="2"> </font></DIV> <DIV><font face="Arial" size="2"> <BR> Copyright © 2007 Bank of America Corporation. All rights reserved.</font></DIV> </DIV> None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user. how to catch this spammer. There are no clues of to catch him.
View Replies!
View Related
Monster Server! However, With A Catch
My client currently have news website that gets around 2.5 million average hits (number of requests) per day. Currently the site is hosted on single enterprise class server in a local data center (in Asia). Some days with breaking news the traffic peaks up and the website become unresponsive for several hours. 60% of the traffic is local and the other 40% is mostly from US and Europe. My client is on a best available server on his local IDC and the IDC doesn't have anything further to offer, hardware or technology wise. In the same time client doesn't want to drop the local IDC as the 60% of his traffic is local. What are my options? 1. I'm looking for a multi processor server with 8GB ram/10K 2X400GB SAS HDD's. In general, do I really need this type of server to serve 1 million hits? 2. What type of providers that you recommend for the above requirement? 3. I mainly need to route the US/Europe traffic to a US server or at least blindly route 50% of the traffic to a US server. How do I do this? -- 3.a. Can this be done with software load balancing or something like Round Robin world work? Or how do we do this? -- 3.b. What type server Admin's or management providers who can help clients with similar service (see 3.a)? -- 3.c. Does Cloaking type of thing helps?
View Replies!
View Related
Moodle VPS Catch-22
Going through [url] Installing_Moodle I came to see the thumb rule of 1GB RAM for 50 concurrent users. While I do not think it is mentioned for VPS, it may imply around 15 concurrent users for 256 MB RAM. A cheap shared hosting can handle that easily without moodle chat. I have heard that VPS is more powerful than typical shared hosting. But, if it is only powerful for the root access but not for handling larger users then it looks like a dilemma situation.
View Replies!
View Related
SPF Record And Catch-all Emails
how good is adding SPF to a host with catch-all emails in preventing spams. Web hosts suggest to turn off the catch-all emails. But what if there is need to turn catch-all emails, then does SPF record do a good job in preventing hacker from sending out emails that appear to originate our web host?
View Replies!
View Related
Vietnamese Localhost
I am a Vietnamese girl and a new member. I'd just like to ask anybody knows about vietnamese localhost? I use appserv, but it does not have vietnamese language, so if I'd like to submit categories, etc. in Vietnamese into my phpmyadmin, it does not work. Only languages are okay, like: English, Deutsch, French, Spain, .... but there are no Vietnamese language. What should I do? We write with latin characters, but there are apostrophes which appserv cannot read. Does it happen to any Vietnamese here in forum? how can write a text in Vietnamese language into phpmyadmin,
View Replies!
View Related
DSL + Localhost
A friend of me would like to setup a local server with my DSL. The problem is the IP address keeps changing and he does not want to purchase a static IP. The script needs to detect the IP address and then email it to the admin over here daily.
View Replies!
View Related
127.0.0.1 Works But Not Localhost
I just installed wamp here on my laptop to set up a developer machine for my website. I am used to going into the browser and just typing in "localhost" and having it bring up the test website. I'm sure there is probably something wrong with the configuration of the wamp files because it works for 127.0.0.1.
View Replies!
View Related
How Associate 127.0.0.1 To Localhost
I've installed WampServer on my Windows Vista machine. Haven't used it for a while but now for some reason I can't access http://localhost, firefox tells me, "Firefox can't establish a connection to the server at localhost.". I can access WampServer via [url]and the main WampServer default page appears. Apache version : 2.2.8 PHP : 5.2.6 MySql : 5.0.51b Which file(s) do I need to edit in order to associate localhost to 127.0.0.1
View Replies!
View Related
Limit Access To Localhost
I have a win2003 server running some apps in the 'default web site' I have just installed PHP on the 'default web site' and I want to use it to run some admin jobs. BUT I do not want the PHP scripts to be accessible over the internet, they should only run from local machine. Is it possible to set it up so that the files can be executed only by localhost?
View Replies!
View Related
Accessing Blog On Localhost
I installed Wordpress on a local install of Apache so that I can play around with it and get my design down before I put it on the web. I can get to the admin and do everything, but I can't actually get to the site. I had an index.html in my htdocs directory, which was deleted, but now when I go to localhost, it just shows the directory.
View Replies!
View Related
Configuring Subdomains In Apache On A Localhost
I'm currently trying to configure apache 2 to handle subdomains. This is on a local machine (not tied to any domain names) and I'm only doing it to research how the final structure of a site 'could' be setup. Basically I have a single install of Apache 2 running. The outcome eventually should be to have specific sub domains that all point to the same document root as the actual domain name. So eventually I will have: http://www.mydomain.com http://subdomain1.mydomain.com http://subdomain2.mydomain.com with both subdomains showing the content at mydomain.com (there is reasoning behind this but I'm not gonna go into that). I have apache setup as follows: NameVirtualHost *:80 <VirtualHost *:80> ServerName daneastley DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs" </VirtualHost> <VirtualHost *:80> ServerName subdomain1.daneastley DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs" </VirtualHost> <VirtualHost *:80> ServerName subdomain2.daneastley DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs" </VirtualHost> Now on my local machine, only the top one works - the subdomains dont. if I add the following into my hosts file in windows, they all work: 127.0.0.1 daneastley 127.0.0.1 subdomain1.daneastley 127.0.0.1 subdomain2.daneastley the problem being, that I wish to test this enviroment on the local network. How would I go about having every computer being able to access this? I'm assuming it comes down to DNS stuff.
View Replies!
View Related
Malicious Mail Sent Out Via MailEnable On Localhost
we received a report of a malicious mail being sent from our servers. Problem is that the sender and recipients are not hosted with us. What I'm trying to find out is how the mail got sent out. The ME logs shows that the connection was made from 127.0.0.1 to the smtp service, but that's it. We don't run mail services (pop3/imap/webmail) on the web servers, if that helps any. Have run out of ideas after sifting thru lots of logs (was trying to find if anyone called an application to send the mail and attachments out), but came up empty.
View Replies!
View Related
Unable To Connect Localhost(10061)
I am stuck in re-installing mysql server..... Everything I have removed even mysql service give reboot the machine but still not able to complete the installation. At the end I receive error " Can't connect to Mysql server with LocalHost (10061) By the way if port 3306 is not enabled in firewall can this issue be occurred because of this?
View Replies!
View Related
Fast MySql Access- Localhost
I've been using Dreamhost for years and they're very good, but their MySql databases are quite slow. Then I moved to ServInt with a VPS, and my MySql is on localhost instead of on a different server. WOW! It's so fast! However, now I'm trying to find a shared hosting package that has fast MySQL service. I'm not sure if the requirement is that it's on localhost but it sure doesn't hurt. Is there anyone who is familiar of a good solid shared hosting package with fast MySQL service?
View Replies!
View Related
Local Mysql Server Name, IP Or Localhost
I am using localhost as mysql server name on my config file. then, when I enter [url], the address will automatically change to[url]that obviously getting error. when I change the mysql server name from localhost to the server public IP, everything seems ok. My sql is 4.1.x with php 4.4.7, is that any way I may use localhost instead of IP? or is there any potential danger using IP?
View Replies!
View Related
Bluescreen On Win XP Accessing Localhost
I just installed IIS on my Windows XP machine and any time I access localhost I get a bluescreen and my computer will restart. I have tried to uninstall IIS, reboot, re-install, reboot then try accessing localhost and that does not fix anything. This is on an almost fresh install of Windows. (The computer is only 1 week old)
View Replies!
View Related
Spammers Help
It looks like someone spammng from our server. I have checked exim_mainlog and got the this info. 2007-01-23 03:12:32 1H99Fz-0004wl-RV => erio@erio.com R=lookuphost T=remote_smtp H=mail.erio.com [217.220.27.241] 2007-01-23 03:12:40 1H99Fz-0004wl-RV => brown2525@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> beth46@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> dstanfie@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> harris3943@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> yumyyelow@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> gloverlm@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> debilu@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mosleyclan4@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> 61369@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> melabong@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> k_mcmull@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> anniern@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> bannaj1@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> lizzied@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> gillumd@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> pfeiferk36@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mommyof2@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> tongem@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> whitsonswrecker@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mmal63@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> goosynina1@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> malenat@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> jlhk@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> tawndawn@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> usnssn@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> crazybutcute0304@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> thomas0421@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mercibw@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> crouch1966@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> pj16@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> alba93@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> sassyd69@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> bettysue57@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> jimfiscus@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> nvonalme@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> breweragency@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> annaksimpson@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] In the log file is showing like this. 2007-01-22 19:11:24 1H99Fz-0004wm-Vp <= <> R=1H99Fz-0004wl-RV U=mailnull P=local S=605030 2007-01-22 19:11:24 1H99Fz-0004wl-RV <= stlawson100@yahoo.com.hk U=churchre P=local S=3558 id=23894.217.194.149.171.1169511083....el@65.xx.xx.xx I couldn't find who is sending.
View Replies!
View Related
Spammers
problem with spammers.. i installed bruteforce attack and apf but spammers still trying to use my mail server to spam.. bfa sending me 20-30 warning emails everyday like Quote: The remote system 200.83.230.214 was found to have exceeded acceptable login failures on xxxxxx; there was 62 events to the service exim. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible. Executed ban command: /etc/apf/apf -d 200.83.230.214 {bfd.exim} The following are event logs from 200.83.230.214 on service exim (all time stamps are GMT -0600): this spammers causing to load cpu very hi and freeze my server sometimes. is there any way i can setup to only allow authenticated users to access the mail server. or any idea.. im not a hosting company hosting my websites and im a poor guy can't hire server admin.. and i have search it on google could'nt found anything..
View Replies!
View Related
Error Connecting To IMAP Server: Localhost
i'm on Linux dedicated box -DirectAdmin panel I use Squirrelmail to se my e-mail. When i try to log inn and read mail i get this message: Error connecting to IMAP server: localhost. Where can i change this...... Squirrelmail SquirrelMail version 1.4.17 By the SquirrelMail Project Team ERROR Error connecting to IMAP server: localhost. 111 : Connection refused webmail ERROR (2): fsockopen() [function.fsockopen]: unable to connect to localhost:110 (Connection refused) (/var/www/html/webmail/inc/class.uebimiau_mail.php:80) RoundCube Webmail Connection to Imap server failed Read on another forum, that this can solve the problem /etc/rc.d/init.d/imaps restart /etc/rc.d/init.d/imap restart -bash: /etc/rc.d/init.d/imaps: No such file or directory -bash: /etc/rc.d/init.d/imap: No such file or directory telnet localhost 143 for imap or 993 for imap over ssl Usage: telnet [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] [-r] [-x] [host-name [port]] Also Xinetd restart don't help [root@server etc]# /etc/rc.d/init.d/xinetd restart Stopping xinetd: [ OK ] Starting xinetd: [ OK ] Looks like that Imap isn't installed ? Correct me if i'm wrong ..............
View Replies!
View Related
Can't Connect To MySQL Server On 'localhost' (10055)
Do you guys know anything about this? My server works perfectly with INSERT, UPDATE, DELETE for mysql. but after like 12 hours later, my application crashes and I get this "Can't connect to MySQL server on 'localhost' (10055)" and I would have to restart my applications and everything will be working perfectly. Do you guys have any idea why this happen? I do have a lot of connections coming in and out of my server. Would that mean anything?
View Replies!
View Related
Mail Server & Webmail In Localhost
I want to run a local Mail Server + Webmail Client (opensource. I googled and I found hmailserver[server] and Roundcube [webmail]. the problem that i can't config any of them How have an other alternative for mail server or a solution
View Replies!
View Related
Sendmail Sends From Localhost.localdomain No Matter What I Try
I have these lines in sendmail.mc and I've compiled the sendmail.cf with them: LOCAL_DOMAIN(`freesexdoor.com')dnl MASQUERADE_AS(`freesexdoor.com')dnl FEATURE(masquerade_envelope)dnl MASQUERADE_DOMAIN(localhost)dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl I have the users daemon, freesexd and root in the trusted_users file. I have restarted sendmail (using service sendmail restart). I have the domains: server.freesexdoor.com, freesexdoor.com and mail.freesexdoor.com in the sendmail's local_hosts file. In Apache 2's httpd.conf, I have this: php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f freesexd [at} freesexdoor.com' Yet when I sent an e-mail with php to advertising [at} freesexdoor.com, I got these headers in the e-mail, which don't look good to a spam filter: Received: from localhost.localdomain (IS-3293 [127.0.0.1]) by localhost.localdomain (8.13.8/8.13.8) with ESMTP id Received: (from daemon@localhost) by localhost.localdomain (8.13.8/8.13.8/Submit) id Message-Id: <200712180935.lBI9ZrRs005480@localhost.localdomain> Additionally hotmail rejects my e-mails and it is obvious why. (My OpenSPF record is fine btw and on my former server I was able to send e-mails with it fine.) Naturally I want something like "freesexdoor.com" to replace "localhost.localdomain" in those header lines. So how can I get this working? The OS is CentOS 5 by the way.
View Replies!
View Related
Access Denied For User 'root'@'localhost
I'm getting the error after running [root@server ~]# mysqladmin processlist Quote: mysqladmin: connect to server at 'localhost' failed error: 'Access denied for user 'root'@'localhost' (using password: NO)' I'm running plesk on FC4. Not too sure why it says failed or denied, as I'm root?
View Replies!
View Related
MS Virtual PC - How To Access My Localhost (Apache) Subdomains On Guest OS?
I've just downloaded Microsoft Virtual PC and the Internet Explorer 6 Application Compatibility VPC Image containing an XP installation for testing sites with IE6 [url]. Everything works fine, I chose VPC Shared Networking (NAT) and I can access the internet from the VPC as well as my Apache development server which runs on the host OS (Win XP) by going to the host's IP address which is [url] in my case. And here I have 2 problems: 1. I want to access [url]on VPC just by typing [url]. I added the following line to the hosts file: 192.168.52.141 localhost But this doesn't work. Interestingly, any name other than localhost works fine, for example: 192.168.52.141 localhost.localhost or 192.168.52.141 local This is not a major problem but I'd prefer localhost. Any ideas how to do that? 2. And the more important issue: on my host OS I have some development sites which I have set up to be accessed by subdomains, for example [url], in httpd.conf: Code: <VirtualHost 127.0.0.3> ServerName perfekt.localhost DocumentRoot C:wwwperfekt DirectoryIndex index.php index.html </VirtualHost> and in hosts file: Code: 127.0.0.3 perfekt perfekt.localhost And now I want to access this site from my VPC too by using subdomains like this! How can I do that? The address 127.0.0.3 seems to be local to the OS and VPC can't see it. I have tried setting other IP addesses in httpd.conf but nothing outside the 127.x.x.x range works on either OS. I suppose I need to make each of my sites to be seen under a different IP from the outside network so that VPC (which is "outside" the host OS) can access them - then I just set up the appropriate subdomain names in VPC hosts file -
View Replies!
View Related
How To Stop Spammers?
I was wondering if anyone has any methods to stop spammers? Currently i am keeping watch on the mail queue and making sure nothing unsual. I have in WHM configuration setup to not allow more 200 mail messages per account per hour but for some reason it will hit thousands. WHMCS does seem to suspend them automatically or maybe its because of WHM BUT only when its too late. Any thoughts or suggestions?
View Replies!
View Related
Spammers Hotlinking
I have found some spammer hotlinking to my images to get his site crawled, I have modified the .htaccess to attempt and serve his hotlinking domain with a warning but it does not work... My actual .htaccess file is the one below (it was created by wordpress automatically): # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress I am adding these lines right below: -------------------------------- RewriteEngine On RewriteCond %{HTTP_REFERER} ^http://(.+.)?spammerdomain.com/ [NC,OR] RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L] ------------------------------------ My questions... I dont kmow too much what I am doing, following the tutorial here, http://altlab.com/htaccess_tutorial.html but the problem is that my .htacces already contains something created by wordpress that to me looks like garbage as I don't understand the meaning. I dont know if I should add the lines inside the <IfModule mod_write.c> or outside them as I have done. I dont know if it is ok to have two times Rewrite Engine On PS: When I added the lines I describe above, my site also stopped displaying the images, I had stopped everyone including myself from hotlinking them. I only want to stop certain domain. or even better, my ideal solution is to WHITELIST my domain names (I have two using hotlinkg to those images), but I will settle for blacklist if it is easier.
View Replies!
View Related
How To Stop Spammers ...?
Have a persistent spammer who kept emailing my clients, even non existent domain accounts and getting the bounced emails to be send to a particular yahoo address. I tried to block in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?
View Replies!
View Related
Protecting Against Spammers?
I was on my visitors on AWstats, and when looking up most of the top IPs (the ones that viewed the most pages), most of them were associated with IANA, and tagged as spam/hacker IPs. Of course, I've blocked all of those IPs with my .htaccess file, but how can I further protect my server from such threats? How can I rid my server of these spammers/hackers?
View Replies!
View Related
Finding Spammers
trying to find a spammer on my system, who just sent out and is still sending out 4000+ emails... i have a centos vps with whm. looked at exim_mainlog, there's nothign telling. the message body is visible, but the links it points to arent' hosted by me. there is no return address, its sending mail as nobody. phpsuexec is not an option.
View Replies!
View Related
Spammers On VPS
Any thoughts, or opinions are welcome. Looking for options on how to stop this. Recently I've started receiving spam that appears to originate from a hosted domain on my VPS. It appears to only be an issue with this website account and not the VPS generally. I've disabled the IMAP service to ensure the spam was not being sent from the server. The spam continues which leaves the POP email accounts as a possibility or something else. My hosting provider says it looks like email spoofing. Someone seems to be using the address at foobar.com to send out spam. The method that he has employed is called email spoofing. Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else. However, you need not be concerned. Individuals, who are sending "junk" email or "SPAM", typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator. The spammer is not using our server to send out spam, hence your email address will never be blacklisted. There is really no way to prevent receiving a spoofed email. Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox. The following are headers of two spam emails. Both of these addresses are setup as forwarders and not actual email accounts. The spam came to our attention because it is being sent to addresses on foobar.com with headers as also originating from foobar.com I changed the actual names for privacy host.vpsdomain.com [123.123.123.123] - VPS domain foobar.com - website account on VPS myemailaccount@gmail.com - address foobar forwarders send to Delivered-To: myemailaccount@gmail.com .....
View Replies!
View Related
Our Smtp Being Used By Spammers
I have deciated windows 2008 server and from last 2 days there is some thing which is using our smtp server to send spam its like we get thousand of spam emails qued in our outbound que, although our security is really high, such as smtp authtenication (open relay) and other options are already enable and we ran anti virus scan too but nothing found. I wonder if there is anyone else out there who face such problem and how did you stop?
View Replies!
View Related
Hosting Spammers
As hosting providers, it is important to follow the standard industry supported AUP/TOS agreements to keep spammers in their place. Do you believe spammers should be able to buy their way to hosting? Some hosting providers have allowed spammers to stay by allowing them to pay a premium hosting fee.
View Replies!
View Related
Stopping Spammers
I have WHM 11.1.0 cPanel 11.2.1-C11635 FEDORA 4 i686 - WHM X v3.1.0 PHP Version 4.4.4 I'm not sure what my apache version is. I want to try this: http://www.webhostgear.com/232_print.html It says it's for Apache 1.3x, PHP 4.3x Will that work on my server? Will it be safe to try?
View Replies!
View Related
How To Stop Spammers
I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue: Quote: 1HiU0X-0006Y3-O6-Hmailnull 47 12<>1177932329 0-ident mailnull-received_protocol local-body_linecount 78-allow_unqualified_recipient-allow_unqualified_sender-frozen 1177932333-localerrorXX1vrroark@freemail.ru144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)id 1HiU0X-0006Y3-O6for vrroark@freemail.ru; Mon, 30 Apr 2007 12:25:06 +0100045 X-Failed-Recipients: download@host.zaggs.com029 Auto-Submitted: auto-replied058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>024T To: vrroark@freemail.ru059 Subject: Mail delivery failed: returning message to sender047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>038 Date: Mon, 30 Apr 2007 12:25:06 +01001HiU0X-0006Y3-O6-DThis message was created automatically by mail delivery software.A message that you sent could not be delivered to one or more of itsrecipients. This is a permanent error. The following address(es) failed: download@host.zaggs.com (generated from abraham@keysupplier.com) retry timeout exceeded------ This is a copy of the message, including all the headers. ------Return-path: <vrroark@freemail.ru>Received: from [220.157.245.77] (port=3648 helo=localhost.localdomain)by host.zaggs.com with smtp (Exim 4.63)(envelope-from <vrroark@freemail.ru>)id 1HiU0X-0006Xu-7rfor abraham@keysupplier.com; Mon, 30 Apr 2007 12:25:06 +0100Message-ID: <10fb01c78b19$683b6042$8bc8505a@freemail.ru>From: Noticeable <vrroark@freemail.ru>To: abraham@keysupplier.comSubject: I am 79 years young!Date: Mon, 30 Apr 2007 14:19:48 +0300MIME-Version: 1.0Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"X-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Outlook Express V6.00.2900.2180X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180This is a multi-part message in MIME format.------=_NextPart_000_0000_9E7D5C31.01A57A34Content-Type: text/plain; charset="iso-8859-1"Content-Transfer-Encoding: 7bit A few words about HGH LifeI have been taking HGH Life for five weeks and there is a noticeable improvementin me overall. Waking up without muscular pain is the most obvious! WhenI run out, I shall be ordering as much as my pension will allow. I am inEngland and am 79 years young!Order HGH Life online ------=_NextPart_000_0000_9E7D5C31.01A57A34Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printable<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><META http-equiv=3DContent-Type content=3D"text/html; =charset=3Diso-8859-1"><META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR"></HEAD><BODY text=3D#000000 bgColor=3D#ffffff><font size=3D"3" face=3D"Times New Roman"><p align=3D"center"><font =face=3D"Arial" color=3D"#009900" size=3D"5"><strong>A few =words about HGH Life™</strong></font></p><p align=3D"center"><font face=3D"Arial">I have been taking HGH =Life™ <strong>for five weeks </strong>and there is a noticeable =improvement in me overall. Waking up without muscular pain is the most =obvious! When I run out, I shall be ordering as much as my pension will =allow. I am in England and am <strong>79 years =young</strong>!"</font></p><p align=3D"center"><a href=3D"http://worldwdefull.com"><strong><font =face=3D"Arial" color=3D"#ff6600" size=3D"4">Order HGH Life™ =online</font></strong></a></p></font></BODY></HTML>------=_NextPart_000_0000_9E7D5C31.01A57A34-- I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that. How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.
View Replies!
View Related
Hackers..spammers..
I've been on yet-another crusade this morning..and have a few questions for the..umm.."general" hosting audience. We live in odd times. If you told me that script kiddies might be able to completely comprimise a server via php..or that spammers are now using the webserver *itself* to send spam a few years ago..I would have laughed. This is no laughing matter. A concept of privacy comes into play..and I'm curious how many of you handle it. Joe pays me for a account..agrees to my TOS/AUP..and starts uploading files. The way I see it..we have many ways of dealing with scripts that do bad things. It seems to me, though...this may be considered "spying" on our customers. If we have a script..say..that runs every fifteen minutes..and looks for these scripts..wouldn't that be considered spying? Or would this be something we should just bury in our aup/tos that this might happen? I have read and agreed to quite a few of those AUP/TOS things..and I can't remember even one time even a mention that files that I upload to the server may be scanned or inspected..before allowing the file to be placved on the server. Never..not once. However...this may have changed. If you've ever tried to get even a simple Perl script to work on a Cpanel server...you probably understand that many safeguards are there for the sake of everybody else on the server...and may prevent you from doing what you want to do with the script(s). At the same time..though..it seems to fly in the face of common sense that many script packages available today are inherently insecure. Chmod 777 files and directories? Even in the times we live in today and know this is a very, very bad idea? Yet..there seem to be even more like this today than ever before. >>I mention this from first hand expereince. One of the many magazines I get had a article detailing the trials the author was having trying to get Simple Groupware working on a vps. yesterday..I noticed a post with a person wanting something installed on a production server. Not only was the program a beta..but..just like Simple Groupware..looked horribly insecure. In retrospect...I can remember the very first php script I ever used. The year was 1996..and this was my first Cpanel shared account. I even remember having to add *.php to the mime types. It installed without a hitch..and..coming from the Perl world I had spent many years in..and many hours getting those scripts to work..it seemed almost like a miracle. It seems, as hosts, there are a few ways we can go at this. 1) Modify the ftp server so it inspects files 2) Have a program that looks for things..much like rkhunter does. 3) A front-end for all scripts..perhaps MySQL as well..that enforces rulesets..for restricted content..or resource allocations.
View Replies!
View Related
Existing Account Have Enabled Catch All Account
existing account have enabled catch all account automatically & i don't know how? Main >> Server Configuration >> Tweak Settings Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks. currently it is tick marked on fail And forwarders has been set to e.g jeetu@jeetu.info to domain automatically & also i don't how? when i try to delete this forwarder its shown deleted successfully Code: Email Forwarding Maintenance jeetu@jeetu.info's mail will no longer be redirected to jeetu. then again i checked forwarder & found that forwarder is not deleted why? what could be the problem? due to this our clients are facing out of disk space running problem & they are not able to get future emails 1. now i want to disable catch all account for all existing accounts at one go 2. also i want to terminate forwarders for all existing users at one go Let me know how to do this Check attachment for further reference
View Replies!
View Related
"Catch All" Email Hijacked
i have set email for some domain to catch all setting. After some time i have a lot of bounce, redirect and rected email to address. How come my email accounts are hijacked and what to do to prevent such things in case of catch all setting. Here it is noteworthy catcth all used to attract a lot of spam.
View Replies!
View Related
DirectAdmin - Access Denied For User 'apache'@'localhost' (using Password: NO)
I get the following error when let my site connect to my database: Access denied for user 'apache'@'localhost' (using password: NO) But when im running lil test script which connect to my localhost with the same passwords and it gives the status 'Connection OK' (im running on admin account, made a MySQL account with DA) Code: <?php $link = mysql_connect('localhost','admin_removed','removed'); if (!$link) { die('Could not connect to MySQL: ' . mysql_error()); } echo 'Connection OK'; mysql_close($link); ?>
View Replies!
View Related
Find And Kill Spammers!
Just got alerted that my server is being used to send spam. Here is the information the datacenter gave me: [information .....] NOTE: I changed the real domain name and IP only. Is there an expert who can help me decipher this? How do I find the culprit? My provider is threatening to shut me down and sink all my clients with the ship! I am running the latest WHM and cpanel server, fyi.
View Replies!
View Related
Uncovering Comment Spammers -- What Are They Doing?
A lot is known about e-mail spammers, both due to lots of investigations into them and due to some "ex-spammers" talking about what they've done. And it's widely known that they're using infected PCs now. But what about comment spam? I've been dealing with it a lot at work, and am noticing some oddities. A good amount tends to come from countries where labor can be had cheaply, and watching logs on pages with captchas suggests that they're doing it slowly enough that they're probably just doing it by hand. Unlike the scripts I'd been used to (which would just hammer out POST requests to forms as fast as they could), some spammers are now loading pages on which the comment form resides, waiting a few seconds, and then submitting the spam with a sensible HTTP referrer -- it's as if someone is actually sitting there and copying-and-pasting spam. It seems really odd to me that someone is actually sitting there manually posting spam, though. Comment spam tends to come from a few areas of the world -- the poverty-stricken parts of Asia; Russia, Africa, and Latin America in particular -- and yet it's often hyping products in other parts of the world. Has anyone found what I'm thinking are US-owned shops paying third-world spammers? Is that what's actually happens? And other nonsense reigns. Some of the spam getting posted to my employer's site links to sites that, according to whois records, have never existed. A LOT of other spam has egregious formatting errors -- BBCode on a site that doesn't support it, or malformed links (mysite.com/www.spamsite.com) posted over and over again. It's like they're either so clueless that they have no idea that their spam doesn't work, or that they're just being paid by post or something and so they don't even care if the links work. Has anyone (not necessarily personally) ever tracked down exactly what this "industry" is up to? Even though it seems like a simple extension of e-mail spam, there's a lot of odd behavior that makes me think it's actually quite different, and now I'm really curious.
View Replies!
View Related
How-To: Find PHP Nobody Spammers!
Someone posted some code similar to below, I made modifications or two after trying to detect PHP "nobody" users, after dumping a few printenv I found PHP exports PWD when calling an external program such sendmail. Basically the PWD will show the user directory that is coming from, which is enough to detect who is sending SPAM even as nobody! It's not 100% secure in that they could wipe /var/log/formmail but I don't imagine any spam will notice the logger, they presume any cPanel server (or other CP for that matter) is the same. mv /usr/sbin/sendmail /usr/sbin/sendmail2 pico /usr/bin/sendmail (paste the below code into it) chmod +x /usr/bin/sendmail echo > /var/log/formmail chmod 777 /var/log/formail #!/usr/local/bin/perl # use strict; use Env; my $date = `date`; chomp $date; open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!"; my $uid = $>; my @info = getpwuid($uid); if($REMOTE_ADDR) { print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME"; } else { print INFO "$date - $PWD - @info"; } my $mailprog = '/usr/sbin/sendmail.real'; foreach (@ARGV) { $arg="$arg" . " $_"; } open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!"; while (<STDIN> ) { print MAIL; } close (INFO); close (MAIL);
View Replies!
View Related
Email Security From Spammers
I have two domains that I haven't set email up for yet. One is hosted on a good plan that uses cPanel. The other has some not-so-user-friendly interface. Either case, I haven't set up email because I don't know what to seperate between truth and fiction. I know of the front end measures of cloaking an email link to your site using hex or some other hack so it doesn't show up to spiders and bots. I also heard a rumor that using generic "webmaster@" on any domain is a surefire way for these bots to spam through. So is that true? Should I name my link like "thiswebmaster@" instead ? (or to that effect?) What can I do to prevent too much (relatively speaking I guess) spam coming in?
View Replies!
View Related
Spammers Impersonating My Domain
I'm receiveing tons of "Mail Delivery Failure" emails lately, like hundreds a day. Today I opened a few to check what's going on... And basically these emails say a message could not be delivery due to a random error. What intrigued me was that emails from my domain were the alledged sender or were on the reply-to field. Those email accounts not even exist under my domain. And the spam messages were not sent from my server as it's clear in the body of the delivery error email. So the situation is I have a spammer sending out thousands of emails a day impersonating my domain. You can see a copy of the emails I'm getting here: http://cl1p.net/delivery_error Why's the spammer doing this? Why the need to impersonate my domain? And how can I stop him? I think I might have a problem with my SPF rules, too loose! How to tighten it?
View Replies!
View Related
Htaccess Block Spammers
On my domain access logs, I see a spammer using many different IPs to join my top site list with fake emails. At the end of every line, it contains I am SPAMER! How can I configure htaccess to block this spammer when a request contains that text?
View Replies!
View Related
Spammers Ruining My Server
I just opened my "catch-all" email pop account that sends me everything addressed to my server that doesn't have an assigned email address. I check it every few days. Over 4,500 undeliverables. Someone is using mydomain as a phony return address in different forms (gleskit@mydomain.com, peterepred@mydomain.com etc.) If I got over 4,500 undeliverables, these lowlife creeps must have sent innumerable thousands or tens of thousands using my domain as a return address. What really stinks is that I've had a bunch of users complain that they're not getting usual auto-messages from my forum software. Come to find out that my domain is now banned from at least one major ISP, I'm guessing probably more by now. The website I run depends heavily on VOLUNTARY auto-communications and updates. For example, one mailing list I maintain have over 4,800 members who've signed up for updates. It uses other feeds and email functions as well. Am I to understand that any jackass spammer can hose a server this way, with no redress on the part of the innocent party? Also, how am I going to get back in the good graces of the ISPs and personal anti-spam programs that have now blacklisted my server for no reason? Besides contacting all of the larger ones personally, I wouldn't even know where to begin addressing this. Is it possible that some nasty geek with a spam program can just ruin a server in this fashion? Just checked the account again. In the ten minutes it took me to write the above post, I just got 54 more undeliverables.
View Replies!
View Related
Suspicious Overload And Spammers
I have a small VPS, with few websites each one with very low visitors in average less than100 visits per day CentOS 2.6.9 Plesk PHP 5.1.6 Apache/2.2.3 Few days ago some Forum spammers signed up to one of the forums. One of them: stopforumspam.com/ipcheck/212.178.2.3 Today I was away for few 5 hours after I came back I recived a notice from my script that "SMF could not connect to the database" I checked and I noticed almost all of my sites are not responding. MySql was working. A script on remote server which uses mysql from my server loaded but with dealy ------------------Next step------------------- log to SSH # uptime # 12:XX:XX up XXX days, 5:06, X users, load average: 10.58, 8.86, 5.86 my normal load is less than 0.9 -----------------check open ports --------------------------- netstat -nap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1936/couriertcpd tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 32447/mysqld tcp 0 0 0.0.0.0:106 0.0.0.0:* LISTEN 14307/xinetd tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 9943/smbd tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1916/couriertcpd tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1840/couriertcpd tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN 9626/httpsd tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7645/httpd tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 14307/xinetd tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 14307/xinetd tcp 0 0 [MyServerIP]:53 0.0.0.0:* LISTEN 13619/named tcp 0 0 [MyServerIP]:53 0.0.0.0:* LISTEN 13619/named tcp 0 0 [MyServerIP]:53 0.0.0.0:* LISTEN 13619/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13619/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 13820/sshd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 14307/xinetd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
View Replies!
View Related
|
TRACKER
