None of the domains in this email is hosted with us, but there are thousands of emails a day that somebody blasts into our queue. We have failed to detect it. We have enabled phpnobody spam logging but failed to track this user.
How do we catch this spammer? There are no clues to catch him.
[root@sm4 ~]# /root/qmHandle -m3261696
--------------
MESSAGE NUMBER 3261696
--------------
Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500
Received: from axicom.net (HELO User) (67.112.176.250)
by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500
Reply-To: <notice@boamilitary.com>
From: "Bank of America Military Bank"<notice@boamilitary.com>
Subject: Notification from Bank of America Military Bank
Date: Wed, 16 May 2007 04:44:51 -0700
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
I was just googling and came to know about the POP3 gateway (catch-all). I want to know what it is meant for and how to add it in my lx admin control panel account.
I have many domains on my mail servers using catch-all accounts. Due to this they receive a large amount of spam and the mail queue is always high. As a result, I have been thinking of disabling the catch-all account entirely on all the mail servers. I am, however, not sure whether to do it or not. Are there any other companies which have disabled the catch-all facility on their mail servers? Shall I proceed towards disabling the catch-all facility?
Going through [url] Installing_Moodle I came to see the thumb rule of 1GB RAM for 50 concurrent users. While I do not think it is mentioned for VPS, it may imply around 15 concurrent users for 256 MB RAM. A cheap shared hosting can handle that easily without moodle chat. I have heard that VPS is more powerful than typical shared hosting. But, if it is only powerful for the root access but not for handling larger users then it looks like a dilemma situation.
I have recently been receiving reports from AOL's feedback loop that my server is sending out spam. I have checked the whole server, but cannot find anything strange.
There are some strange things with these feedback reports. I'll post a few lines below (I crossed out my domain with xxx):
Quote:
Received: from andersenreesel by holderem.xxx.biz with local (Exim 4.23)
Received: (qmail 64859 invoked by uid 24901)
Received: from janislanhami by xxx.biz with local (Exim 4.26)
Received: from raphaelpinkertone by standei.xxx.biz with local (Exim 4.23)
Received: from imanoldelphine by dispatched.xxx.biz with local (Exim 4.23)
Received: from conrado by hostic.xxx.biz with local (Exim 4.23)
The first issue I have is with the subdomains, like "dispatched", "standei", "hostic", etc. These subdomains do not exist on my system. Also, my server does not run the Exim MTA.
Another issue I have is the "invoked by uid" statements with UIDs 147 and 24901. These UIDs do not exist on my system. The passwd file UIDs go to around 110.
Apart from these strange things, the IP that is listed in the upper part of the headers:
Quote:
Received: from xxx.biz (xxx.biz [85.xxx.xxx.xxx])
The domain and IP address are correct there, which should indicate that the spam was sent from my system. Or wasn't it?
I host a vBulletin forum on a US server. I've been getting a lot of signups from one particular spammer, wanting to post about gold harvesting for WoW. I've blocked his IPs; however, he keeps using proxies.
He constantly signs up under the name "Array"... Is there a way I can block him for good? I can't moderate user sign-ups, as I'm mostly away from my computer and can't moderate them all the time.
I have failed to catch this spammer; please help me find the source. There is no such domain on my server. The user is using localhost in SMTP, and I am using MailEnable Standard on my server ....
My client currently has a news website that gets around 2.5 million hits (number of requests) per day on average. Currently the site is hosted on a single enterprise-class server in a local data center (in Asia). On some days with breaking news the traffic peaks and the website becomes unresponsive for several hours. 60% of the traffic is local and the other 40% is mostly from the US and Europe.
My client is on the best available server at his local IDC, and the IDC doesn't have anything further to offer, hardware- or technology-wise. At the same time, the client doesn't want to drop the local IDC, as 60% of his traffic is local.
What are my options?
1. I'm looking for a multi processor server with 8GB ram/10K 2X400GB SAS HDD's. In general, do I really need this type of server to serve 1 million hits?
2. What type of providers do you recommend for the above requirement?
3. I mainly need to route the US/Europe traffic to a US server or at least blindly route 50% of the traffic to a US server. How do I do this?
-- 3.a. Can this be done with software load balancing, or would something like Round Robin work? Or how do we do this?
-- 3.b. What type of server admins or management providers can help clients with a similar service (see 3.a)?
How good is adding SPF to a host with catch-all emails at preventing spam? Web hosts suggest turning off catch-all emails. But what if there is a need to turn on catch-all emails; does an SPF record then do a good job of preventing a hacker from sending out emails that appear to originate from our web host?
Now first I will say I have NO idea how such spamming works, or how a punk can get on my server and send emails out.
I have had a team look at it and they also did something, but now it has happened again for the 5th time. What can I do? Is there any software or tool one can use, like an antivirus, to check the server, and how can I avoid such sh..
I just found posts every few days from an apparent spammer "sagepowder" in my forum (not so popular and has nothing to do with skiing). The subject is always "new here".
The content is "Any snowboarders or skiiers on this forum? I am planning a trip to BC on a snowboarding trip next week" or "I am new here, just saying hello".
I checked the Apache log and it doesn't seem to be a robot script posting this, i.e. it browses to the index page, picks up my hidden field that blocks robots, posts a new topic, then goes back to the index page.
What surprised me is that when I google this guy, I got 108,000 results with the same content on tons of forums! All with total post number of 1 or 2 on each forum: [url]
I recently moved web services for one of my hosted domains (let's call it example.com) from one server (let's call it .org) to another server (let's call it .net). example.com has been on .org for about 5 years. .org handled all example.com web services, and all email. I recently updated example.com's DNS record to point www.example.com and example.com to the .net server. I didn't change the MX record or mail.example.com to point to .net. Mail continues to be delivered normally to example.com on the .org server.
Except now spammers are hitting the .net server, e.g.
Is it normal practice for spammers to send dictionary attack based spam to a domain's server that doesn't even handle email? All the spam coming in is clearly just random email addresses not based on anything that exists at the domain, and most of the addresses are so very random I can't imagine they exist anywhere.
For about a month or so now, a domain I host has been under serious attack from what I think are spammers. It's a WordPress site, and they are getting big numbers of POST requests to the WordPress comments file, e.g.
Code:
POST /wp-comments-post.php HTTP/1.1
It's a well distributed attack, and I'm doing well with some scripts I wrote to block the requests to the wp-comments-post.php file. The real comment file has long since been moved, so any POST to the file gets firewalled. It's several thousand IPs from all over the place.
I don't believe it's a malicious attempt to bring the site down, but I'm guessing it's a blog comment spammer that has something set wrong and he's pounding this site to death by accident. I could be wrong on that though.
Sometimes my clients install untrusted scripts on their accounts, which causes spamming because these scripts send a high number of spam emails. Is there an automatic way to disable the PHP mail function, or to disable the account temporarily?
URL....I am trying to solve the problem by fixing the psa.Parameters table; however, I cannot find the relation between the id in the Parameters table and the domains table.
I have several domains configured in my Plesk, and one of them is set as the "Default site" under Home >> Tools & Settings > IP address management. This has the unpleasant side effect that any domain I point to this IP renders content from the Default site unless it's set up. How can I configure the default site to render content from only one domain?
Existing accounts have had the catch-all account enabled automatically, and I don't know how.
Main >> Server Configuration >> Tweak Settings Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
Currently it is tick-marked on fail.
And forwarders have been set, e.g. jeetu@jeetu.info to domain, automatically, and I also don't know how.
When I try to delete this forwarder, it is shown as deleted successfully:
Code:
Email Forwarding Maintenance
jeetu@jeetu.info's mail will no longer be redirected to jeetu.
Then I checked the forwarders again and found that the forwarder is not deleted. Why?
What could be the problem?
Due to this our clients are facing an out-of-disk-space problem and they are not able to get future emails.
1. Now I want to disable the catch-all account for all existing accounts in one go.
2. Also, I want to terminate forwarders for all existing users in one go.
Let me know how to do this.