Spammers Hanging My Mail Server
Feb 1, 2009
A spammer (probably www.powerball.com) is sending spam using one of my email addresses as his / her "from" address. This hung my mail server last week and it took more than 60 hours to solve the problem.
My host replied that the problem was "You have over 100,000 emails in your mail queue due to a large amount of Frozen emails that were either deferred by the remote servers or sent to invalid addresses repeatedly".
From this morning, my emails are blocked again. I can't send / receive mails using any of my email accounts (from this server). I don't know how long this will take again to solve the situation, and I'm afraid that this may not be the last time.
Now I don't know what to do. Ideally, a logical solution could be to delete any bounced mail automatically (I'm using nutsmail + squirrel mail).
May 22, 2009
We have been having some problems with one of our mail servers lately. Server is running Smarter Mail 4.x with declude.
Some spammers have been targeting this particular server to send spam through it. This is putting a lot of load on the server because declude is processing the SPOOL in Smarter Mail and the spool goes up to 2000-20000 during the day. We have been checking the headers and continuously blocking the IPs of this spam, but these people are using dynamic IPs. And it doesn't seem like a single spammer. The content is quite different.
Blocking full IP ranges helps, though, but then a lot of legitimate mail is getting blocked as well.
Is there any good suggestion, or a serious mail server admin who can have a look and actually sort it?
This is causing serious delays on our mail delivery through this mail server.
Mar 31, 2009
Hi, today I was banned from Hotmail. Apparently someone got into one of our clients' accounts on our server and sent spam all over the net...
platinumservermanagement already told us the name of the account used and we changed the password.
Can you please tell me where I can check the outgoing mail logs (I am using CentOS & exim) to see if anyone else is sending out spam? Or the number of emails sent?
Aug 13, 2008
I use cpanel.
Is there any way to disallow connections to SEND mail FROM my server to specific IPs? (Similarly to how you can limit connections to sshd from certain IPs)
I realize I cannot disable everything completely, as yahoo and the likes will have to connect to deliver mail. But no one of any use is going to try and connect to send mail, but a spammer.
No one has gotten in and abused it as of yet (knock on wood), but SMTP is being restarted at random and I can only imagine that this is being caused by one of these scumbags probably ddos'ing me. It takes eons to browse these logs, even if they restart via logrotate periodically!
Jul 28, 2007
I've got a client who seems to be having a problem with his e-mail on my VPS.
When he tries to download mails, his mail client (Thunderbird) says 'Receiving one of 80' and hangs. The only solution is to go into webmail and delete some of the mails, then try to receive them again. One thing that puzzles me is he doesn't have 80 mails in his account, he only has 33.
This isn't happening with anyone else who's using thunderbird and my VPS.
Nov 18, 2006
So I requested a reboot from my DC a total of 5 to 6 times. Whenever I try to start my AFP firewall, it just hangs my server. Even after I reinstall AFP and start it, it still hangs my server! Is there any log file where I can keep track of the problem?
May 19, 2007
Server hanging randomly.
These are the logs that I found.
What is wrong with my server?
Quote:
May 19 15:35:02 hostname kernel: eip: c02d331b
May 19 15:35:02 hostname kernel: ------------[ cut here ]------------
May 19 15:35:02 hostname kernel: kernel BUG at include/asm/spinlock.h:133!
May 19 15:35:02 hostname kernel: invalid operand: 0000 [#1]
May 19 15:35:02 hostname kernel: SMP
May 19 15:35:02 hostname kernel: Modules linked in: md5 ipv6 parport_pc lp
parport ipt_state ipt_TOS iptable_mangle ip_conntrack_ftp ip_conntrack_irc ip_c
onntrack ipt_REJECT ipt_LOG ipt_limit iptable_filter ipt_multiport ip_tables aut
ofs4 i2c_dev i2c_core sunrpc dm_mirror dm_mod button battery ac uhci_hcd ehci_hc
d snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_pa
ge_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore 8139too mii sk
98lin ext3 jbd
May 19 15:35:02 hostname kernel: CPU: 1
May 19 15:35:02 hostname kernel: EIP: 0060:[<c02d357c>] Not tainted
VLI
May 19 15:35:02 hostname kernel: EFLAGS: 00010016 (2.6.9-42.0.10.ELsmp)
May 19 15:35:02 hostname kernel: EIP is at _spin_lock_irq+0x1d/0x35
May 19 15:35:02 hostname kernel: eax: c02e71c3 ebx: f5e6a934 ecx: c756be28 edx: c02d331b
May 19 15:35:02 hostname kernel: esi: f5e6a930 edi: 00000000 ebp: c756b000 esp: c756be2c
May 19 15:35:02 hostname kernel: ds: 007b es: 007b ss: 0068
May 19 15:35:02 hostname kernel: Process netstat (pid: 336, threadinfo=c756b000 task=cb03b330)
May 19 15:35:02 hostname kernel: Stack: ffffffff c02d331b cb03b330 f6481e98 f6481e98 00000246 00000002 f5e6a930
May 19 15:35:02 hostname kernel: f5e6a900 00000000 c756b000 c01652bf 00000000 00000000 00000000 c032e610
May 19 15:35:02 hostname kernel: c756bfc4 0000000b 0000000b c011d2e4 c014e529 ffffffff ffffffff c2015de0
May 19 15:35:02 hostname kernel: Call Trace:
May 19 15:35:02 hostname kernel: [<c02d331b>] rwsem_down_write_failed+0x32/0x160
May 19 15:35:02 hostname kernel: [<c01652bf>] .text.lock.exec+0xba/0xd7
May 19 15:35:02 hostname kernel: [<c011d2e4>] try_to_wake_up+0x28e/0x299
May 19 15:35:02 hostname kernel: [<c014e529>] do_no_page+0x2da/0x2f9
May 19 15:35:02 hostname kernel: [<c012b458>] __dequeue_signal+0x14c/0x155
May 19 15:35:02 hostname kernel: [<c012b476>] dequeue_signal+0x15/0x54
May 19 15:35:02 hostname kernel: [<c012cd3f>] get_signal_to_deliver+0x317/0x346
May 19 15:35:02 hostname kernel: [<c0105bd4>] do_signal+0x55/0xd9
May 19 15:35:02 hostname kernel: [<c01c3616>] __copy_to_user_ll+0x30/0x46
May 19 15:35:02 hostname kernel: [<c017553b>] seq_read+0x24a/0x2c2
May 19 15:35:02 hostname kernel: [<c0172c49>] dnotify_parent+0x1b/0x6e
May 19 15:35:02 hostname kernel: [<c015ae7d>] vfs_read+0xda/0xe2
May 19 15:35:02 hostname kernel: [<c015b06c>] sys_read+0x3c/0x62
May 19 15:35:02 hostname kernel: [<c011ae55>] do_page_fault+0x0/0x5c6
May 19 15:35:02 hostname kernel: [<c0105c80>] do_notify_resume+0x28/0x38
May 19 15:35:02 hostname kernel: [<c02d4966>] work_notifysig+0x13/0x15
May 19 15:35:02 hostname kernel: Code: 90 80 3e 00 7e f9 fa eb e8 89 d8 5b 5e c3 53 89 c3 fa 81 78 04 ad 4e ad de 74 18
ff 74 24 04 68 c3 71 2e c0 e8 24 f3 e4 ff 58 5a <0f> 0b 85 00 2e 62 2e c0 f0 fe 0b 79 09 f3 90 80 3b 00 7e f9 eb
May 19 15:35:02 hostname kernel: <0>Fatal exception: panic in 5 seconds
Feb 28, 2008
My video sharing site has high traffic, Alexa rank: 3,000.
My site has 2 servers to split the load. The 2 servers share a MySQL server, using rrdns to balance the load.
Server A is running MySQL 5.0 and lighttpd.
Server B is running lighttpd.
Server B connects to A's MySQL database.
During peak time, B cannot connect to A's MySQL server. It says server not responding. But A is still running fine.
When I check the MySQL log file, I see:
/usr/libexec/mysqld: Forcing close of thread .....
And when run top, the load average is 20.
The spec of Server A
Intel(R) Xeon(TM) CPU 3.06GHz dual core.
2G Ram.
Here is the my.cnf
Quote:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
max_connections = 1000
wait_timeout=60
connect_timeout=10
interactive_timeout=120
join_buffer_size=1M
query_cache_size=128M
query_cache_limit=2M
max_allowed_packet=16M
table_cache=1024
sort_buffer_size=2M
read_buffer_size=2M
My question: do I need another machine C to run lighttpd, and just keep MySQL on A?
Or can I do some MySQL optimization on A?
Also, if my site keeps going, can I have 1 mysql server and 5 http servers?
Aug 9, 2007
I just opened my "catch-all" email pop account that sends me everything addressed to my server that doesn't have an assigned email address. I check it every few days.
Over 4,500 undeliverables. Someone is using mydomain as a phony return address in different forms (gleskit@mydomain.com, peterepred@mydomain.com etc.) If I got over 4,500 undeliverables, these lowlife creeps must have sent innumerable thousands or tens of thousands using my domain as a return address.
What really stinks is that I've had a bunch of users complain that they're not getting usual auto-messages from my forum software. Come to find out that my domain is now banned from at least one major ISP, I'm guessing probably more by now.
The website I run depends heavily on VOLUNTARY auto-communications and updates. For example, one mailing list I maintain has over 4,800 members who've signed up for updates. It uses other feeds and email functions as well.
Am I to understand that any jackass spammer can hose a server this way, with no redress on the part of the innocent party? Also, how am I going to get back in the good graces of the ISPs and personal anti-spam programs that have now blacklisted my server for no reason?
Besides contacting all of the larger ones personally, I wouldn't even know where to begin addressing this.
Is it possible that some nasty geek with a spam program can just ruin a server in this fashion?
Just checked the account again.
In the ten minutes it took me to write the above post, I just got 54 more undeliverables.
Oct 19, 2007
I think someone has successfully made my server send out emails. How do I know this?
It's because I saw many returned emails saying that the emails sent out to their inbox are considered spam. I mean a lot; for instance, within 1 second there are more than 10 mails.
Can someone help explain to me how I can find the culprit and fix the problem?
Oct 4, 2007
We are hosting a site on a W2K3 server and every couple of days it just hangs. Type in the URL and it will not load; it times out, then you see the typical 404 error page.
We have about 150 websites hosted on the same server, it just happens to this one.
Restart the application and its back up like it's never been down, speedy and running smoothly. I have tried looking for memory leaks, i've put it in its own application pool and it still happens.
Our client is getting frustrated by this and so are we with ourselves for not being able to resolve it.
Jul 7, 2008
I have a VPS on which mails are hanging in the mail queue. When I use these commands over SSH (iptables -D OUTPUT 2; iptables -D OUTPUT 1), everything goes fine and mails start delivering, but after 8 or 9 hours the same problem occurs.
So my question is:
Can there be a permanent solution for this problem?
Mar 27, 2008
I ordered a server from a reseller and they informed me that they are no longer reselling or dealing with this company.
This was just after I had moved all my sites over to them after numerous problems with setup.
I had just paid an admin to do the transition... it's a free site benefiting animal causes, so my budget is small.
Of course the TOS states no refunds... but they provided the wrong hardware on two occasions...
I'm not sure if I have any recourse...
Oct 12, 2012
During downloading the files for the upgrade, it is hanging at downloading the following file:
plesk.msi
When I look at C:\ParallelsInstaller\parallels\PANEL-WIN_11.0.9\dist-msi-Microsoft-2003-i386 I see that the file is .tmp and cannot be deleted.
I do not know how to stop the upgrade, delete the .tmp file and download the files again.
Dec 23, 2014
After the micro update, the database copy function started to hang, even when just copying a database with 4 tables and fewer than 10 rows of records. I followed the link below to remove the hung database copy and remove the unfinished copied database. URL.... However, no database was copied successfully at all, even after the timeout was adjusted.
May 17, 2009
Any thoughts, or opinions are welcome. Looking for options on how to stop this.
Recently I've started receiving spam that appears to originate from a hosted domain on my VPS. It appears to only be an issue with this website account and not the VPS generally.
I've disabled the IMAP service to ensure the spam was not being sent from the server. The spam continues which leaves the POP email accounts as a possibility or something else.
My hosting provider says it looks like email spoofing.
Someone seems to be using the address at foobar.com to send out spam. The method that he has employed is called email spoofing. Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else. However, you need not be concerned.
Individuals, who are sending "junk" email or "SPAM", typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator. The spammer is not using our server to send out spam, hence your email address will never be blacklisted.
There is really no way to prevent receiving a spoofed email. Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.
The following are headers of two spam emails. Both of these addresses are set up as forwarders and not actual email accounts. The spam came to our attention because it is being sent to addresses on foobar.com, with headers showing it as also originating from foobar.com.
I changed the actual names for privacy
host.vpsdomain.com [123.123.123.123] - VPS domain
foobar.com - website account on VPS
myemailaccount@gmail.com - address foobar forwarders send to
Delivered-To: myemailaccount@gmail.com .....
Jan 26, 2007
It looks like someone is spamming from our server. I have checked exim_mainlog and got this info.
The log file is showing this:
2007-01-22 19:11:24 1H99Fz-0004wm-Vp <= <> R=1H99Fz-0004wl-RV U=mailnull P=local S=605030
2007-01-22 19:11:24 1H99Fz-0004wl-RV <= stlawson100@yahoo.com.hk U=churchre P=local S=3558 id=23894.217.194.149.171.1169511083....el@65.xx.xx.xx
I couldn't find who is sending.
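Added example, not part of the original post: one way to correlate Exim main-log arrival lines (`<=`, which carry `U=` and `P=`) with the delivery lines (`=>`, `->`) that share a message ID, so that locally submitted messages with many recipients are attributed to a local user. The log lines, addresses, hosts and message IDs below are constructed, and the function names and the `min_rcpts` threshold are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in Exim main-log format (all names and IDs are made up).
SAMPLE_LOG = """\
2007-01-22 19:11:24 1AbCdE-0001xy-Zz <= promo@example.org U=siteuser P=local S=3558
2007-01-22 19:11:30 1AbCdE-0001xy-Zz => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2007-01-22 19:11:30 1AbCdE-0001xy-Zz -> b@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2007-01-22 19:11:30 1AbCdE-0001xy-Zz -> c@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2007-01-22 19:11:31 1AbCdE-0001xy-Zz Completed
2007-01-22 19:12:02 1AbCdF-0001zA-Q1 <= alice@example.com H=client.example.com [198.51.100.7] P=esmtpa A=login:alice S=1200
2007-01-22 19:12:05 1AbCdF-0001zA-Q1 => bob@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.25]
2007-01-22 19:12:40 1AbCdG-0001zB-7k <= <> R=1AbCdE-0001xy-Zz U=mailnull P=local S=6050
2007-01-22 19:12:41 1AbCdG-0001zB-7k => siteuser <siteuser@host.example.com> R=localuser T=local_delivery
"""

# "<date> <time> <message-id> <flag> <address> key=value ..."
LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) "
    r"(?P<flag><=|=>|->) "
    r"(?P<addr>\S+)(?P<rest>.*)$"
)
# Single-letter log fields such as U=user, P=protocol, H=host, R=router.
FIELD = re.compile(r"\b([A-Z])=(\S+)")


def parse(lines):
    """Group arrival and delivery lines by message ID."""
    msgs = defaultdict(lambda: {"sender": None, "fields": {}, "rcpts": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # "Completed", queue-runner and error lines are skipped
        msg = msgs[m["id"]]
        if m["flag"] == "<=":
            # Arrival: envelope sender plus how the message entered Exim.
            msg["sender"] = m["addr"]
            msg["fields"] = dict(FIELD.findall(m["rest"]))
        else:
            # "=>" is the first delivery, "->" each further recipient.
            msg["rcpts"].add(m["addr"].lower())
    return msgs


def local_bulk_senders(lines, min_rcpts=3):
    """Return (local_user, msg_id, envelope_sender, recipient_count) for
    messages submitted on the box itself (P=local) to many recipients."""
    hits = []
    for msg_id, msg in parse(lines).items():
        fields = msg["fields"]
        # Skip SMTP arrivals and bounces (null sender, generated by Exim).
        if fields.get("P") != "local" or msg["sender"] == "<>":
            continue
        if len(msg["rcpts"]) >= min_rcpts:
            hits.append((fields.get("U"), msg_id, msg["sender"], len(msg["rcpts"])))
    return sorted(hits, key=lambda h: -h[3])


if __name__ == "__main__":
    for user, msg_id, sender, count in local_bulk_senders(SAMPLE_LOG.splitlines()):
        print(f"{user}: message {msg_id} from {sender} to {count} recipients")
```

The `U=` value on a `P=local` arrival is the account whose script or shell handed the message to Exim; when it is a shared account such as `nobody`, the log alone does not identify the site.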
Dec 15, 2007
Problem with spammers. I installed bruteforce attack and apf, but spammers are still trying to use my mail server to spam. bfa is sending me 20-30 warning emails every day like
Quote:
The remote system 200.83.230.214 was found to have exceeded acceptable login failures on xxxxxx; there was 62 events to the service exim. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
Executed ban command:
/etc/apf/apf -d 200.83.230.214 {bfd.exim}
The following are event logs from 200.83.230.214 on service exim (all time stamps are GMT -0600):
These spammers are causing very high CPU load and freeze my server sometimes.
Is there any way I can set it up to only allow authenticated users to access the mail server? Or any ideas?
I'm not a hosting company, I'm hosting my own websites, and I'm a poor guy who can't hire a server admin. I have searched on Google and couldn't find anything.
Jun 30, 2008
I was wondering if anyone has any methods to stop spammers? Currently I am keeping watch on the mail queue and making sure there is nothing unusual. I have the WHM configuration set up to not allow more than 200 mail messages per account per hour, but for some reason it will hit thousands. WHMCS does seem to suspend them automatically, or maybe it's because of WHM, BUT only when it's too late.
Any thoughts or suggestions?
Nov 8, 2009
I have found some spammer hotlinking to my images to get his site crawled, I have modified the .htaccess to attempt and serve his hotlinking domain with a warning but it does not work...
My actual .htaccess file is the one below (it was created by wordpress automatically):
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I am adding these lines right below:
--------------------------------
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?spammerdomain\.com/ [NC,OR]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]
------------------------------------
My questions...
I don't know too much about what I am doing. I am following the tutorial here, http://altlab.com/htaccess_tutorial.html, but the problem is that my .htaccess already contains something created by WordPress that to me looks like garbage, as I don't understand the meaning.
I don't know if I should add the lines inside the <IfModule mod_rewrite.c> block or outside it as I have done.
I don't know if it is OK to have RewriteEngine On twice.
PS: When I added the lines I describe above, my site also stopped displaying the images; I had stopped everyone, including myself, from hotlinking them. I only want to stop a certain domain. Or even better, my ideal solution is to WHITELIST my domain names (I have two hotlinking to those images), but I will settle for a blacklist if it is easier.
Jun 2, 2009
I have a persistent spammer who keeps emailing my clients, even non-existent domain accounts, and getting the bounced emails sent to a particular Yahoo address. I tried to block him in every way but can't seem to stop him. His spam comes from all over the world. Any suggestions?
Jun 3, 2007
I have someone on my server who likes to send spam emails. How would I go about catching this person?
Jan 29, 2008
I was on my visitors on AWstats, and when looking up most of the top IPs (the ones that viewed the most pages), most of them were associated with IANA, and tagged as spam/hacker IPs.
Of course, I've blocked all of those IPs with my .htaccess file, but how can I further protect my server from such threats? How can I rid my server of these spammers/hackers?
Apr 9, 2004
Someone posted some code similar to below, I made modifications or two after trying to detect PHP "nobody" users, after dumping a few printenv I found PHP exports PWD when calling an external program such sendmail. Basically the PWD will show the user directory that is coming from, which is enough to detect who is sending SPAM even as nobody! It's not 100% secure in that they could wipe /var/log/formmail but I don't imagine any spam will notice the logger, they presume any cPanel server (or other CP for that matter) is the same.
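mv /usr/sbin/sendmail /usr/sbin/sendmail2
pico /usr/sbin/sendmail (paste the below code into it)
chmod +x /usr/sbin/sendmail
echo > /var/log/formmail
chmod 777 /var/log/formmail

#!/usr/local/bin/perl
# Logging wrapper installed as /usr/sbin/sendmail: records who invoked it,
# then hands the message to the real binary (moved to /usr/sbin/sendmail2).
use strict;
use Env qw($REMOTE_ADDR $SCRIPT_NAME $SERVER_NAME $PWD);

my $date = `date`;
chomp $date;

# Append-only log; it is world-writable so that any calling user can write to it.
open(INFO, '>>', '/var/log/formmail') || die "Failed to open file: $!";
my $uid  = $>;               # effective UID of the caller
my @info = getpwuid($uid);   # passwd entry for that UID
if ($REMOTE_ADDR) {
    # Called from a CGI script: log the client address and the script.
    print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME\n";
}
else {
    # Called from PHP: PWD shows the directory of the calling site.
    print INFO "$date - $PWD - @info\n";
}
close(INFO);

my $mailprog = '/usr/sbin/sendmail2';
# List-form pipe open: the arguments are passed as-is, never through a shell.
open(MAIL, '|-', $mailprog, @ARGV) || die "cannot open $mailprog: $!";
while (<STDIN>) {
    print MAIL;
}
close(MAIL);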
Jul 31, 2007
Trying to find a spammer on my system, who just sent out and is still sending out 4000+ emails...
I have a CentOS VPS with WHM.
I looked at exim_mainlog, and there's nothing telling. The message body is visible, but the links it points to aren't hosted by me. There is no return address; it's sending mail as nobody. phpsuexec is not an option.
May 14, 2007
I need to know the ways I can distinguish spammers on my server and how to stop spamming.
View 10 Replies
View Related
Nov 3, 2009
I have a dedicated Windows 2008 server, and for the last 2 days there has been something using our SMTP server to send spam. We get thousands of spam emails queued in our outbound queue, although our security is really high: SMTP authentication (open relay) and other options are already enabled, and we ran an antivirus scan too but nothing was found.
I wonder if there is anyone else out there who has faced such a problem, and how did you stop it?
May 9, 2009
As hosting providers, it is important to follow the standard industry supported AUP/TOS agreements to keep spammers in their place. Do you believe spammers should be able to buy their way to hosting? Some hosting providers have allowed spammers to stay by allowing them to pay a premium hosting fee.
May 13, 2007
I have WHM 11.1.0 cPanel 11.2.1-C11635
FEDORA 4 i686 - WHM X v3.1.0
PHP Version 4.4.4
I'm not sure what my apache version is.
I want to try this:
http://www.webhostgear.com/232_print.html
It says it's for Apache 1.3x, PHP 4.3x
Will that work on my server? Will it be safe to try?