Server Email Blocking <?>
Mar 9, 2008
I recently signed up a new client to my dedicated server - The minute they switched over to my server, it seems that all hell broke loose. (I'm going to refer to them as "Company A")
Company A called me up and said that one of their employees was getting a huge amount of SPAM and that after a day or two, they were having issues with their E-mail.
I looked at my logs and it showed something unusual-
LOGIN FAILED, user=myclientuser@companya.com, ip=[::ffff:XX.XXX.170.47]: 110 Time(s)
When I explained this to Company A, they ran some virus checks on their computers and 3 out of 5 computers had viruses on them.
They claim to have fixed the viruses but now, they cannot send e-mails to specific clients.
I checked their I.P. against blacklists and they are using Comcast cable internet at their location and I cleared their only blacklisting (spamhaus.org).
I'm still getting calls that Company A cannot e-mail a few of their clients and just to make sure it's not JUST them, I tried to send a test e-mail to the same clients as Company A.
The e-mails from me were rejected due to time-out.
HERE IS MY QUESTION:
Is this an issue on MY end that must be taken care of *OR* is it due to the fact that they had viruses on their computers and now they are blocked because the virus tried to attack everybody in THEIR e-mail address book?
None of my other clients are complaining of e-mail issues or that e-mails are getting kicked back. Just Company A.
View 4 Replies
ADVERTISEMENT
Jul 6, 2007
I have 4 VPS with CPanel at knownhost.
I realized that whenever i send an email to hotmail it gets at their spam box.
Is there a way to solve this? Do you know how can i contact hotmail?
View 7 Replies
View Related
May 4, 2008
I've been carrying some weird hours lately, so I'm able to see activity on my sites that I normally don't see.
Certain IPs are trying to diddle their things into my server and need the boot. It's not consistent (ie not happening every 5, 10 mins)... it's periodically throughout the months. I'll see an IP I blocked 2 months ago just randomly show up at 4:30am and try accessing the same files it was probing during it's last visit. Assuming this is just some sort of bot, can I block it permanently?
I know APF has a collection system that purges an IP list to keep it from bloating, and I had PSM do some hardening so I'm not entirely sure about the workings of APF firewall. So far my IP blocks are blank (which is a good sign!), but I'd like to add some nuisances to it, to keep their crap from appearing in my error logs anymore as "Denied by Server Configuration"
My question is: Can I block people at server level permanently? I do not want their IP being taken out with the purge list that comes by every so often.
View 4 Replies
View Related
Nov 20, 2008
My server is getting a lot of spam robots registering as fake users into my forums (altho most emails are invalid
View 2 Replies
View Related
May 21, 2008
If your server is blocking googlebot from finding your robots.txt file, how do you configure your firewall to unblock it?
I've searched through Google and I've seen may people just say your firewall is blocking it, but none mention how to really stop it from doing that. Like does Google have an IP it uses, and if so, what is the IP you should whitelist for your server?
As I keep getting that message: Network unreachable: robots.txt unreachable
and I'm sure it's due to a firewall issue, just have no idea how to fix that.
View 5 Replies
View Related
Feb 26, 2007
I was wondering if it is possible to block traffic to and from a server with iptables.
Like for example a user transferring files with his ftp client to another server x.x.x.x (FXP)....
been trying with these rules here:
iptables -IINPUT -s x.x.x.x -j DROP
iptables -I OUTPUT -s x.x.x.x -j DROP
iptables -I FORWARD -s x.x.x.x -j DROP
But still the user can transfer to the server destination...
View 0 Replies
View Related
Jul 10, 2007
I have a wierd problem on my server. I'm updating an order with my php shopping cart script and notice some of the orders hang on updating. After research I discovered the orders that wont update are orders that have domain names in the textarea field. More specifically. www.yourdomain.com will just hang if I try to update them.
After further research I discovered the if I put an backslash it'll update no problem. IE: www.yourdomain.com
This only happens with domain names inside a textarea. I'm not sure if it's a php config setting, apache setting, my firewall, mod_evasive, mod_security. I've looked at all of them and can't seem to find what is blocking the script from updating just because of www.domainname.com in a textarea.
View 7 Replies
View Related
May 27, 2009
Is there any way to block or monitor and find scripts such as rapidleech and other torrent upload scripts on a cPanel server?
View 2 Replies
View Related
Feb 1, 2008
how can i remove list of blocking IPs on iptable on my server its over 100 IPs how can i remove it?
View 2 Replies
View Related
Aug 14, 2007
This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.
how I can block direct access to my scripts?
View 0 Replies
View Related
Apr 13, 2015
Every time my server tries to send mail to Gmails/yahoos - they reject it with the following message:
Code:
Apr 13 11:35:49 m1370 plesk sendmail[5009]: handlers_stderr: PASS
Apr 13 11:35:49 m1370 plesk sendmail[5009]: PASS during call 'limit-out' handler
Apr 13 11:35:49 m1370 plesk sendmail[5009]: handlers_stderr: SKIP
Apr 13 11:35:49 m1370 plesk sendmail[5009]: SKIP during call 'check-quota' handl er
Apr 13 11:35:49 m1370 postfix/pickup[1759]: C90FA61668: uid=48 from=<apache>
[Code] ....
I tried Qmail, same issue
Code:
Hi. This is the qmail-send program at m1370.contabo.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. It didn't work out.
<emailhere@gmail.com>:
2a00:1450:4013:0c00:0000:0000:0000:001b failed after I sent the message.
[Code] .....
Centos 6.6 + Plesk 12 Web Pro Edition
My server certainly did not spam Gmail servers, (my old server works fine sending email t gmail) I fear this has something to do with my "Postfix" configuration.
View 1 Replies
View Related
Jun 24, 2008
I currently have a domain on Server 1 (Linux, Apache, Ubuntu, Matrix control panel).
This server does not have any spam filter, so I have moved all the email accounts to Server 2 (Linux, Apache, Fedora Core, Plesk) which does have a brilliant spam filter; and have changed the DNS record for mail.domain.com to the IP address for Server 2.
Emails are being successfully received on Server 2.
On Server 1, when an email is sent through SMTP to an address at that domain, it does not send it to Server 2, it gets delivered to the hosting account for the domain on Server 1. So what I am guessing is happening is that Server 1 detects the domain has an account on the server, and instead of looking up the DNS info for that domain, just assumes it is on Server 1.
What I need to do, is force Server 1 to send email for that domain to Server 2. Is this possible, and if so, how can it be achieved? If more info about the server is required for a solution please let me know and I'll provide what I can.
View 5 Replies
View Related
Jun 30, 2007
I have a client who has his own hosting account, and wants to leave his e-mail on his own hosting account, but his website on my hosting account.
On his own hosting he has created a sub domain called shop, and pointed its A record to the IP address of my server. On my server I've setup his domain name, and created the sub domain shop. That all works fine.
The problem I have is that the site under the shop domain needs to send an e-mail to sales@hisdomain.com. Now my server thinks the main domain is setup on my server, so it sends the e-mail to itself.
I'm justing wondering how I can get the server to point the mails back to his hosting?
A previous host I've used said they had to add the domain as a remote domain on the server, then they had to make some changes to /etc/localdomains because I was getting errors trying to send mails to the address.
View 1 Replies
View Related
Apr 5, 2007
I've had it with EV1. On any given day we get 30-50 BFD attacks from their servers. That doesn't include the dozens of other types of attempts per day our IPS/IDS catch. We've also traced back client servers that were hacked directly via EV1 servers.
It's obvious that EV1 does little or nothing to stop these issues. We spoke to the FBI about these issues and their comments lead me to believe that EV1 is one of the major sources of these issues and that EV1 has shown little or no effort to curb the problem or cooperate in stopping the issue.
We have elected to now block all all EV1 IPS.
Drastic measures, not really. If they won't take care of their own problems I no longer want them dumped at my door step. I think other hosts might want to think about this.
View 14 Replies
View Related
Apr 28, 2007
At the moment it will block people who login with the wrong username/password 5 times. it also blocks people if they do the wrong email settings.
Is there a way to turn the pop3/email blocking off?
View 3 Replies
View Related
Dec 3, 2006
I am hitting a limit on number of POP signons per hour imposed by my host. I host maybe 10 domains on this account and have 4 or 5 email addresses to monitor for each domain. If I check once every 15 minutes I run up against a limit on the number of POP3 signons permitted by my ip. Add this to having multiple mail clients behind a NAT router and I am beginning to have real problems.
Does anyone else have this issue? Is my only workaround to forward all email to a single account or install a local mail server? Does 100 POP signons an hour from a single IP sound like a lot to anyone? Any advice?
View 6 Replies
View Related
Jul 19, 2008
Let's say you want to protect againts hacking,and using method with simply blocking loading url.So let's say someone hacked your index.html and changed links to lead to his domain.com.Is it possible to block what would be loaded on site ?(to prevent possible future hacking intrusions)
View 6 Replies
View Related
Nov 28, 2008
I have 2 server one is Linux server+Cpanel+CSF firewall where my site is running and one is windows server where my exchange mail server is running .Now thing is that when anyone send mail through my web site (after filling contact form) to me it doesn't come to my email id but when i stop my firewall and then i check contact form and fill it the mail goes to my mail id.
I have php script with SMTP authentication.
which port is blocked in my firewall and after disabling firewall it work.how can i check when firewall is on that time why mails are not coming in my email id that time which port is blocked by firewall.
Allow Port in firewall:-- 25,80,20,21,465,443,110,143
View 10 Replies
View Related
Jul 5, 2007
seems one of my sites has been added to some mega "toplist" site thats bringing in fake traffic to my site which is basically like a DOS attack - over 1000 connections.
coming from
[url]
[url]
[url]
linking to a php file in one of my accounts which has since been removed. however still getting a heck of a lot of hits, they probably all see 404 messages which still causes load on my server.
any suggestions how to fix this? the traffic is referred from above urls but hundreds of ip addresses. is there anyway to blacklist the referrer so people are just blocked, period?
View 6 Replies
View Related
Oct 6, 2007
Running freebsd with pf, and was wondering if there's anything like www.fixingtheweb.info for pf instead of IP tables? Otherwise it'll be a long day
View 1 Replies
View Related
Apr 14, 2007
I had a few sites hacked today. I'm using phpbb (all updates) and, apparently, the only thing they did was to drop the database and replace it with one featuring a single post "advertising" their hacker group. I tried bringing everything back on-line, but they would just attack again and take it down quickly... I'm thinking it's probably just some script kiddies.
They announce themselves as "turkish hackers". Browsing around for their message, I found they attacked quite a few sites. What I was thinking, to help preventing this from happening again, is to ban all visitors from Turkey (none of these sites has a need for them, as they're aimed at a local audience).
Can I do this simply by using "deny from .tr" in htaccess? Or are there any more steps to be taken?
View 6 Replies
View Related
Nov 7, 2007
I have my server set up with the smtp daemon running on port 125, and assp listening on ports 25 and 26, and forwarding to port 125 if the mail passes. This setup has been working for months and months. Already today I've received several emails.
I just attempted to send an email, however, and thunderbird could not connect to port 26. (I use an alternate port because my ISP blocks port 25 except to their mail servers)
So I thought that assp had stopped running. Attempted to go to myip:55555, but the page would not load. Now I really thought assp was broken. SSH'd into server and was able to telnet to localhost, port 26 without an issue. Was also able to lynx [url] without an issue.
Since I'm able to log in to all of these weird ports via SSH but not from my local computer, I'm apt to think that they are blocking the ports (for some reason).
Is there any way I can test this theory? Nothing has changed on my side firewall-wise, and the poor girl at the ISP company didn't even know what a port was. I would like to be 100% sure before I give them another call demanding to speak to someone higher up...
View 5 Replies
View Related
Feb 10, 2007
how to ban our blocking IP Location in my server like country range?
and how can i know the IP's country range?
View 5 Replies
View Related
Jul 20, 2007
as per apf firewall issue
Jul 17 02:03:02 duck kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:01:02:c9:94:20:00:90:69:8a:f3:f0:08:00 SRC=192.168.1.43 DST=192.168.1.220 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=40428 DF PROTO=TCP SPT=37079 DPT=3306 WINDOW=5840 RES=0x00 SYN URGP=0
i already added 192.168.1.43 ip in allow list.
tcp:in : d=3306 : s=192.168.1.43
d=3306 : s =192.168.1.43
tcp: out : d=3306 : s =192.168.1.43
# added 192.168.1.43 on 07/19/07 01:15:21
192.168.1.43
But ip is still blocking traffic while monitor mysql....
View 3 Replies
View Related
May 24, 2007
APF firewall is blocking IP's from the allowed range
I have this inserted in /etc/apf/allowed_hosts.rules and restarted APF of course
67.79.221.0/24
70.112.124.0/24
70.113.54.0/24
It still blocked this IP for example, 67.79.221.154
Anyone know why?
View 4 Replies
View Related
Jul 11, 2009
I have a virtuozzo VPS with CSF. People can't connect to ftp because the firewall is conflicting with iptables. I looked at the csf guide:
[url]
To correct it, the ftp issues states:
Quote:
For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:
PassivePortRange30000 35000
Where is pure-ftpd.conf? Do I have to install it or something?
View 8 Replies
View Related
May 14, 2009
I have a client who needs to block IP range on a windows server. However, he is using Cloud hosting from Rackspace. I guess they are not being corporative in doing so. Anyway to do this without root? Perhaps from the control panel?
View 4 Replies
View Related