Spammers Trying To Connect To Mail Server & Filling Logs
I use cpanel.
Is there any way to disallow connections to SEND mail FROM my server to specific IPs? (Similarly to how you can limit connections to sshd from certain IPs)
I realize I cannot disable everything completely, as yahoo and the likes will have to connect to deliver mail. But no one of any use is going to try and connect to send mail, but a spammer.
No one has gotten in and abused it as of yet (knock on wood), but SMTP is being restarted at random and I can only imagine that this is being caused by one of these scumbags probably ddos'ing me. It takes eons to browse these logs, even if they restart via logrotate periodically!
Related Forum Messages:
Exim Mail Out Logs (checking For Spammers On Server)
Hi, today I was banned from Hotmail. Apparently someone got into our server through one account of one client and sent spam all over the net... platinumservermanagement already told us the name of the account used and we changed the password. Can you please tell me where I can check the outgoing mail logs (I am using CentOS & Exim) to see if anyone else is sending out spam, or the number of emails sent?
Smarter Mail - Spammers Targetting Mail Server Using Dynamic Ip's
We have been having some problems with one of our mail servers lately. The server is running Smarter Mail 4.x with Declude. Some spammers have been targeting this particular server to send spam through it. This is putting a lot of load on the server because Declude is processing the spool in Smarter Mail, and the spool goes up to 2000-20000 during the day. We have been checking the headers and continuously blocking the IPs of this spam, but these people are using dynamic IPs. And it doesn't seem like a single spammer; the content is quite different. Blocking full ranges of certain IP ranges helps, but then a lot of legitimate mail is getting blocked as well. Is there any good suggestion, or a serious mail server admin who can have a look and actually sort it? This is causing serious delays on our mail delivery through this mail server.
Exim Mail Queue Filling Up With Bounces
In my Exim mail queue, there are around 33,000 messages, all of which appear to be "Mail delivery failed: returning message to sender" messages. The reason for these bounces is because spam is being continuously sent to non-existent addresses on my domain.
Spammers Hanging My Mail Server
A spammer (probably www.powerball.com) is sending spam using one of my email addresses as his / her "from" address. This hung my mail server last week and it took more than 60 hours to solve the problem. My host replied that the problem was "You have over 100,000 emails in your mail queue due to a large amount of Frozen emails that were either deferred by the remote servers or sent to invalid addresses repeatedly". Since this morning, my emails are blocked again. I can't send / receive mail using any of my email accounts (from this server). I don't know how long it will take to solve the situation this time, and I'm afraid that this may not be the last time. Now I don't know what to do. Ideally, a logical solution could be to delete any bounced mail automatically (I'm using nutsmail + squirrel mail).
Telnet Can't Connect To Mail Server
I can't telnet to the mail server. When I try
    # telnet mail.domain.com 25
    Trying xxx.xxx.xx.xx...
    telnet: connect to address xxx.xxx.xx.xx: Connection refused
    telnet: Unable to connect to remote host: Connection refused
but when it's
    # telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 mail.domain.com ESMTP
it connects. I don't have a firewall.
Mail Server Taking Too Much Time To Connect
For some reason, one of the servers can't connect to my mail server. Whenever a user tries to send email from that server to my server, the message won't go through and I see the following in the logs (var/log/exim/mainlog):
    2007-02-13 23:56:06 SMTP connection from (***.ca) [***.***.***.***] lost while reading message data (header)
This problem occurs only with this ***.ca mail server (as far as I know). In fact, trying the dnsreport.com tool on any of my server domains, I am getting the error message "ERROR: I could not complete a connection to any of your mailservers! ******.com: Timed out [Last data sent: RCPT TO: ] If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail *may* work fine in this case but you will need to use testing tools specifically designed for such situations to be certain."
/tmp Filling Up
I've been receiving emails from cPanel telling me that the /tmp partition is filling up. Right now it's at 6%, but I run a couple of crons early in the morning (mysqlcheck, then a backup of my databases). It seems like whenever mysqlcheck runs, the /tmp partition comes close to filling up. My partition scheme is like this:
    /       | 1.5G
    /usr    | 7.7G
    /var    | 7.7G
    /tmp    | 494M
    /home   | 210G
    /backup | 230G
When my server was set up, my host (dedicatednow) partitioned /home to be 210 GB, leaving little extra space for everything else (/backup is a separate drive). /home is only 1% in use. They're telling me that the only thing that can be done is to reformat the entire drive and choose a different partition scheme... is that true?
Spammers Ruining My Server
I just opened my "catch-all" email pop account that sends me everything addressed to my server that doesn't have an assigned email address. I check it every few days. Over 4,500 undeliverables. Someone is using mydomain as a phony return address in different forms (gleskit@mydomain.com, peterepred@mydomain.com etc.) If I got over 4,500 undeliverables, these lowlife creeps must have sent innumerable thousands or tens of thousands using my domain as a return address. What really stinks is that I've had a bunch of users complain that they're not getting usual auto-messages from my forum software. Come to find out that my domain is now banned from at least one major ISP, I'm guessing probably more by now. The website I run depends heavily on VOLUNTARY auto-communications and updates. For example, one mailing list I maintain have over 4,800 members who've signed up for updates. It uses other feeds and email functions as well. Am I to understand that any jackass spammer can hose a server this way, with no redress on the part of the innocent party? Also, how am I going to get back in the good graces of the ISPs and personal anti-spam programs that have now blacklisted my server for no reason? Besides contacting all of the larger ones personally, I wouldn't even know where to begin addressing this. Is it possible that some nasty geek with a spam program can just ruin a server in this fashion? Just checked the account again. In the ten minutes it took me to write the above post, I just got 54 more undeliverables.
Spammers Use My Server To Send Out Email
I think someone has successfully made my server send out emails. How do I know this? It's because I saw many returned emails saying that the emails sent out to their inbox are considered spam. I mean a lot: for instance, within 1 second there are more than 10 mails. Can someone help explain to me how I can find the culprit and fix the problem?
Exim Mail Server :: Your Outgoing SMTP E-mail Server Has Reported An Internal Error ...
I am getting this error when our clients are sending mail from Outlook, but they are able to send mail from webmail. We are using the Exim mail server and WHM. I can't understand where the problem is; can anybody help me? Sending' reported error (0x800CCC6A) : 'Your outgoing (SMTP) e-mail server has reported an internal error. If you continue to receive this message, contact your server administrator or Internet service provider (ISP). The server responded: 451 Please try again later.
Server Crash No Logs
We have a dual Xeon Linux server, Red Hat 9 / cPanel. We have a strange crash... you can't access ftp / ssh / httpd... I need to request a server reboot to get access... and everything after this runs OK... I have checked the message log... nothing in it, for example:
    10:20:10 ftp log
    11:15:60 rebootlog
Also the same in the httpd log... so as you see there is a gap between the server crash and the reboot... this has happened 3 times till now...
Download Server Logs To My Windows PC
My server is Fedora Linux. I access it via Putty using SSH. I find it a pain to look through the logs using PICO since it won't scroll and I'm a slight linux mainly windows guy. Is there a way to either copy the whole log at once over to notepad or something or to download the file to my local PC? Then I could go through it much easier. I tried using copy in putty but that only copies the screen and these logs can be huge sometimes.
How Can I Connect More Than Server With One Domain
I want to know EXACTLY how to connect more than one server with one domain. I will explain what I want [note: sites & IPs below are all examples].
I have a site [company name], www.comanyname.com, and I have two servers [client servers] with the following DNS:
server 1#
    ns1.companyname.com pointed to IP 192.168.1.1
    ns2.companyname.com pointed to IP 192.168.1.2
server 2#
    ns3.companyname.com pointed to IP 10.0.0.1
    ns4.companyname.com pointed to IP 10.0.0.2
Now I want to make a NEW domain name like www.companynamedns.com, and I want this domain to hold all the clients' servers [I want to split the company DNS from the client DNS], like
    ns1.companynamedns.com
    ns2.companynamedns.com
    ns3.companynamedns.com
    ns4.companynamedns.com
    vip.companynamedns.com
    s1.companynamedns.com
I can make any name server I like, so the first thing is that all the server IPs that I want to connect to the domain companynamedns.com must be in the www A record and the MX record too, and if you ping companynamedns.com, every time it gives you a random IP [because I put a www A record for more than one server with the same domain name]. So this way is not very clear to me, and I want to know how I can add the www A record. Should I create a DNS zone on any server, but with this entry on one server in WHM [note: I use cPanel/WHM], and put in the www A record with the new domain name companynamedns.com every time I get a new server? Like, I add the www A record like this:
    companynamedns.com 1 A 192.168.1.1 14400s
    companynamedns.com 1 A 10.0.0.1 14400s
    companynamedns.com 1 A 10.10.10.1 14400s
    companynamedns.com 1 A 11.11.11.1 14400s
and the MX record like this:
    companynamedns.com 1 TXT v=spf1 a mx ip4:192.168.1.1 ip4:10.0.0.1 ip4:10.10.10.1 -all 14400s
But how about the NS record? Should I put all the NS records in the DNS zone in WHM?
[note: there is another company that does this trick and it has a lot of name servers (NS), but I didn't see them all registered in the DNS records, only 2 NS for the site, and pointed to one server only] So how can the client connect to the server with an NS when the main domain name companynamedns.com hasn't added the other NS in the DNS zone? Like, a client makes the nameservers for his site
    ns22.companynamedns.com
    ns23.companynamedns.com
but the DNS records for companynamedns.com are ONLY
    s1.companynamedns.com
    s2.companynamedns.com
So how are ns22 and ns23 working when they weren't even added in the DNS zone of the main domain companynamedns.com? Maybe he adds all the name servers he wants in the domain control panel as child name servers only, not in the name server, but I think that wouldn't work; it must be added in the name server too. I am really going CRAZY over this. This trick is the right way to connect more than one server with one domain name. I colored the thread to make it easy to read and get my idea, and I really need an expert to help me with this issue.
How To Transfer Awstats Logs From Old Server To New Server
We had some issues with our old server, hence we migrated some websites from it to a new server. We did a backup of all existing web files and databases from the old server and transferred them to the new server, a manual transfer a few weeks ago. However, we were not able to back up our awstats logs for these domains. Can someone guide us on how to transfer awstats from the old server to the new server? We cannot perform an automated transfer from the old server to the new server now; is there some way we can migrate our awstats from the old server to the new server for these domains?
Delete Access And Error Logs On Server
After a full year of operation, I think I need to delete some log files. What types of files can I safely delete (and is deletion the best option, i.e. will the files be regenerated from zero length?) For example, my server's error_log file is 193 Mb and my access_log file is 14 Mb. Can I "rm" them both? Are there any other such files I can safely delete that occupy space on the server?
High Server Load - How To Check From Logs
My server load was above 200+ today at this specific time. How do I check from the logs what is going on? Where do I begin?
    16:28:11 up 32 days, 22 min, 2 users, load average: 241.03, 108.69, 54.24
    USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
    mi pts/0 xxx.82.73.xxx Thu20 0.00s 0.06s 0.39s sshd: mi [priv]
    mi pts/1 xxx.82.73.xxx Thu21 18.00s 1:07m 0.37s sshd: mi [priv]
Shared Hosting With Access To Server Logs
We are trying to integrate eBay.com feeds into our site and for some reason we are not able to get the expected results on our current shared hosting server. We tested the same on another server and we are able to get the right results. And the current host doesn't allow us to access the server logs unless we upgrade the account to a VPS or dedicated server. But we are pretty new to launching the site, hence we don't want to buy any VPS or dedicated server for now. Now we are looking for another shared host who can offer access to server logs.
Mail Server - Setup Virtual Mail Boxes
AMD Athlon54 X2 512Kx2 socket AM2 3800 slamd64-11.0 Just completed installing the captioned OS with everything installed except GAME. This is an experiment. slamd64 is now running on the box. I'm going to setup virtual mail boxes on this server, allowing my friends using the mail server sending and receiving mails. Please advise; 1) how to check whether sendmail is running and configured properly. 2) how to setup virtual mail boxes. Where can I find relevant tutorial.
Separate Mail Server- Deliver Mail To Hotmail
I'm thinking about building a separate mail server away from my cPanel/WHM machine. That mail server will be located on a different IP address with a "clean" record so that business email won't get deleted by the strict rules of Hotmail. Can you please tell me, generally, about this "building a separate mail server", i.e. what MTA, software, web-mail software, will it be worth it, etc.? Pointing me in the right direction will allow me to complete the project in the shortest time.
Users Cannot Connect To Remote MySQL Server
I have a few users that have a hosting account with me and are trying to connect to their own MySQL servers elsewhere. Both said that they are able to connect to the MySQL server with other hosting accounts but not the ones hosted with me. I asked if they had set up permissions to allow remote connections from my server and they confirmed that they did. What am I missing? Do I need to configure my firewall somehow? I figured the connection is just using port 80 since it's from a PHP script, right?
Can't Connect To MySQL Server On 'localhost' (10055)
Do you guys know anything about this? My server works perfectly with INSERT, UPDATE, DELETE for MySQL, but about 12 hours later my application crashes and I get this: "Can't connect to MySQL server on 'localhost' (10055)". I have to restart my applications and then everything works perfectly. Do you guys have any idea why this happens? I do have a lot of connections coming in and out of my server. Would that mean anything?
Unable To Connect To Local Httpd Server.
When i go to my website or any page under the domain it's just white. Blank nothing, nada. "Failed to receive status information from Apache. Unable to connect to local httpd server." This error message appears when i click on "apache status". Is this because of the network issue? Or is it because of something I did myself? I did a google search and came up on some solution, I did them and nothing.
Fresh Centos Server Install But Cannot Connect To The Internet
The setup:
    2wire BT router (Firmware 6.1.1)
    1 Server (Dell) Hardware with NICs (Server is connected to router via Ethernet Cable)
    5 Static IP addresses purchased from BT
    Server OS is CentOS 5.2
All laptops (5) are able to connect to the net wirelessly. I just did a standard installation of CentOS following [url]. I then tried
    yum update
but it times out. I have no remote access to the server. I can only connect when I am on the router. I have searched, read and tried so many sites and commands but it just is not working. I have had this problem for about 6 days. It's a long story, but basically this server setup has become a nemesis. I don't mind providing remote access to the server and router admin page if needed. I am in London btw.
Mail Server / Can't Send Or Receive Mail
In webmail, when a person tries to send an email they get this error: Message not sent. Server replied: Requested action aborted: error in processing 451 Temporary local problem - please try later. We have tried all the mail processing apps on Webmail (horde/squirrel/roundcube) and all of them seem to do the same thing. We have restarted Exim and that doesn't do anything either. I tried searching Google, but I didn't have much luck there.
Error In My Dns Server : Rndc: Connect Failed: 127.0.0.1#953: Connection Refused
I got this error: rndc: connect failed: 127.0.0.1#953: connection refused
    root@server [/]# rndc status
    rndc: connect failed: 127.0.0.1#953: connection refused
    root@server [/]# /etc/init.d/named status
    rndc: connect failed: 127.0.0.1#953: connection refused
    named is stopped
    root@server [/]# /scripts/fixndc
    Named could not be restarted, any obvious config errors should show up below this line.
    No critical problems found, will attempt to regenerate keys regardless.
    warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
    Creating rndc.conf
    Creating /etc/rndc.key
    warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
    Restarting named
    warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
    /scripts/fixrndc failed to fix the rndc key (or named is otherwise broken), please investigate manually
And I have tried to reload rndc but I got this error:
    root@server [~]# rndc reload
    rndc: connect failed: 127.0.0.1#953: connection refused
My VPS info: Linux OS - CentOS, using cPanel, Apache, MySQL...
    root@server [~]# uname -r
    2.6.18-028stab064.7
Intermittent "Can't Connect To MySQL Server"
I started getting small periods of intermittent connection errors about once every hour, lasting for about 1 to 5 minutes each time:
    Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'
I enabled the error log and did some other monitoring and established 2 things:
- the server doesn't crash/restart, it keeps running throughout the errors
- the errors do not match the load on the website, as sometimes when 500 users are online there are no errors, but when 300 are online they may be prolific
I checked many forums and then made 5 changes:
- changed the directory containing the mysql.sock file so only file owners or superusers can delete files from it
- I changed the default socket file setting in both my.cnf and php.ini
- I read about SELinux causing such a problem, so I disabled SELinux completely, rebooted the server and double-checked that it is indeed disabled.
- I changed the maximum amount of open files allowed by the operating system from 1024 to 30000.
Despite all these changes, I still get the errors. I then read that there is a workaround by using TCP/IP instead of the sock file. I tried that, but I still get the error intermittently in the form of:
    Can't connect to MySQL server on 127.0.0.1
MySQL server 4.1.20, PHP 4.3.9, client API 4.1.20, CentOS 4.3, Intel P4 2.8GHz 1GB RAM
Spammers Help
It looks like someone spammng from our server. I have checked exim_mainlog and got the this info. 2007-01-23 03:12:32 1H99Fz-0004wl-RV => erio@erio.com R=lookuphost T=remote_smtp H=mail.erio.com [217.220.27.241] 2007-01-23 03:12:40 1H99Fz-0004wl-RV => brown2525@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> beth46@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> dstanfie@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> harris3943@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> yumyyelow@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> gloverlm@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> debilu@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mosleyclan4@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> 61369@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> melabong@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> k_mcmull@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> anniern@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> bannaj1@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> lizzied@bellsouth.net 
R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> gillumd@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> pfeiferk36@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mommyof2@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> tongem@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> whitsonswrecker@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mmal63@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> goosynina1@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> malenat@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> jlhk@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> tawndawn@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> usnssn@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> crazybutcute0304@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> thomas0421@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> mercibw@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> crouch1966@bellsouth.net 
R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> pj16@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> alba93@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> sassyd69@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> bettysue57@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> jimfiscus@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> nvonalme@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> breweragency@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] 2007-01-23 03:12:40 1H99Fz-0004wl-RV -> annaksimpson@bellsouth.net R=lookuphost T=remote_smtp H=mx00.mail.bellsouth.net [205.152.58.32] In the log file is showing like this. 2007-01-22 19:11:24 1H99Fz-0004wm-Vp <= <> R=1H99Fz-0004wl-RV U=mailnull P=local S=605030 2007-01-22 19:11:24 1H99Fz-0004wl-RV <= stlawson100@yahoo.com.hk U=churchre P=local S=3558 id=23894.217.194.149.171.1169511083....el@65.xx.xx.xx I couldn't find who is sending.
Spammers
Problem with spammers.. I installed bruteforce attack and APF but spammers are still trying to use my mail server to spam.. BFA is sending me 20-30 warning emails every day like:
    The remote system 200.83.230.214 was found to have exceeded acceptable login failures on xxxxxx; there was 62 events to the service exim. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
    Executed ban command: /etc/apf/apf -d 200.83.230.214 {bfd.exim}
    The following are event logs from 200.83.230.214 on service exim (all time stamps are GMT -0600):
These spammers are causing the CPU load to go very high and freeze my server sometimes. Is there any way I can set it up to only allow authenticated users to access the mail server? Or any idea.. I'm not a hosting company, I'm hosting my websites, and I'm a poor guy who can't hire a server admin.. and I have searched on Google and couldn't find anything..
Improve Performance- Web Server, SSH Server, And Mail Server
I've got a VPS which is serving as the main server for a number of sites. Web Server, SSH Server, and Mail Server. What I've got running: Apache2, PHP5, MySQL5, Dovecot, Postfix. One of the sites is a growing forum with a MASSIVE photo album. This is the site where I notice the most slowness. Changing the server software is not an option - only optimization.
httpd.conf:
    ServerTokens OS
    ServerRoot "/etc/httpd"
    PidFile run/httpd.pid
    Timeout 300
    KeepAlive Off
    MaxKeepAliveRequests 100
    KeepAliveTimeout 5
    <IfModule prefork.c>
    StartServers 8
    MinSpareServers 8
    MaxSpareServers 13
    ServerLimit 256
    MaxClients 256
    MaxRequestsPerChild 50
    </IfModule>
    <IfModule worker.c>
    StartServers 2
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadsPerChild 25
    MaxRequestsPerChild 0
    </IfModule>
    Listen 80
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_alias_module modules/mod_authn_alias.so
    LoadModule authn_anon_module modules/mod_authn_anon.so
    LoadModule authn_dbm_module modules/mod_authn_dbm.so
    LoadModule authn_default_module modules/mod_authn_default.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_user_module modules/mod_authz_user.so
    LoadModule authz_owner_module modules/mod_authz_owner.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_dbm_module modules/mod_authz_dbm.so
    LoadModule authz_default_module modules/mod_authz_default.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    LoadModule include_module modules/mod_include.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule logio_module modules/mod_logio.so
    LoadModule env_module modules/mod_env.so
    LoadModule ext_filter_module modules/mod_ext_filter.so
    LoadModule mime_magic_module modules/mod_mime_magic.so
    LoadModule expires_module modules/mod_expires.so
    LoadModule deflate_module modules/mod_deflate.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule usertrack_module modules/mod_usertrack.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    LoadModule info_module modules/mod_info.so
    LoadModule dav_fs_module modules/mod_dav_fs.so
    LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    LoadModule actions_module modules/mod_actions.so
    LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule cache_module modules/mod_cache.so
    LoadModule suexec_module modules/mod_suexec.so
    LoadModule disk_cache_module modules/mod_disk_cache.so
    LoadModule file_cache_module modules/mod_file_cache.so
    LoadModule mem_cache_module modules/mod_mem_cache.so
    LoadModule cgi_module modules/mod_cgi.so
    Include conf.d/*.conf
    User apache
    Group apache
my.cnf:
    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    # Default to using old password format for compatibility with mysql 3.x
    # clients (those using the mysqlclient10 compatibility package).
    old_passwords=1
    [mysql.server]
    user=mysql
    basedir=/var/lib
    [mysqld_safe]
    log-error=/var/log/mysqld.log
    pid-file=/var/run/mysqld/mysqld.pid
How To Stop Spammers?
I was wondering if anyone has any methods to stop spammers? Currently I am keeping watch on the mail queue and making sure there is nothing unusual. I have the WHM configuration set up to not allow more than 200 mail messages per account per hour, but for some reason it will hit thousands. WHMCS does seem to suspend them automatically, or maybe it's because of WHM, BUT only when it's too late. Any thoughts or suggestions?
Spammers Hotlinking
I have found a spammer hotlinking to my images to get his site crawled. I have modified the .htaccess to attempt to serve his hotlinking domain a warning, but it does not work... My actual .htaccess file is the one below (it was created by WordPress automatically):
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
I am adding these lines right below:
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://(.+.)?spammerdomain.com/ [NC,OR]
    RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]
My questions... I don't know too much about what I am doing; I am following the tutorial here, http://altlab.com/htaccess_tutorial.html, but the problem is that my .htaccess already contains something created by WordPress that to me looks like garbage, as I don't understand the meaning. I don't know if I should add the lines inside the <IfModule mod_rewrite.c> or outside it as I have done. I don't know if it is OK to have RewriteEngine On two times. PS: When I added the lines I describe above, my site also stopped displaying the images; I had stopped everyone, including myself, from hotlinking them. I only want to stop a certain domain. Or even better, my ideal solution is to WHITELIST my domain names (I have two hotlinking to those images), but I will settle for a blacklist if it is easier.
How To Stop Spammers ...?
Have a persistent spammer who kept emailing my clients, even non-existent domain accounts, and getting the bounced emails to be sent to a particular Yahoo address. I tried to block in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?
Protecting Against Spammers?
I was on my visitors on AWstats, and when looking up most of the top IPs (the ones that viewed the most pages), most of them were associated with IANA, and tagged as spam/hacker IPs. Of course, I've blocked all of those IPs with my .htaccess file, but how can I further protect my server from such threats? How can I rid my server of these spammers/hackers?
Finding Spammers
Trying to find a spammer on my system, who just sent out and is still sending out 4000+ emails... I have a CentOS VPS with WHM. Looked at exim_mainlog, there's nothing telling. The message body is visible, but the links it points to aren't hosted by me. There is no return address, it's sending mail as nobody. phpsuexec is not an option.
Spammers On VPS
Any thoughts or opinions are welcome. Looking for options on how to stop this. Recently I've started receiving spam that appears to originate from a hosted domain on my VPS. It appears to only be an issue with this website account and not the VPS generally. I've disabled the IMAP service to ensure the spam was not being sent from the server. The spam continues, which leaves the POP email accounts as a possibility, or something else. My hosting provider says it looks like email spoofing.
Someone seems to be using the address at foobar.com to send out spam. The method that he has employed is called email spoofing. Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else. However, you need not be concerned. Individuals who are sending "junk" email or "SPAM" typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator. The spammer is not using our server to send out spam, hence your email address will never be blacklisted. There is really no way to prevent receiving a spoofed email. Remember that although your email address may have been spoofed, this does not mean that the spoofer has gained access to your mailbox.
The following are headers of two spam emails. Both of these addresses are set up as forwarders and not actual email accounts. The spam came to our attention because it is being sent to addresses on foobar.com with headers as also originating from foobar.com. I changed the actual names for privacy:
host.vpsdomain.com [123.123.123.123] - VPS domain
foobar.com - website account on VPS
myemailaccount@gmail.com - address foobar forwarders send to
Delivered-To: myemailaccount@gmail.com .....
Our Smtp Being Used By Spammers
I have a dedicated Windows 2008 server, and for the last 2 days there is something which is using our SMTP server to send spam. It's like we get thousands of spam emails queued in our outbound queue, although our security is really high: SMTP authentication (open relay) and other options are already enabled, and we ran an antivirus scan too but nothing was found. I wonder if there is anyone else out there who has faced such a problem, and how did you stop it?
Hosting Spammers
As hosting providers, it is important to follow the standard industry supported AUP/TOS agreements to keep spammers in their place. Do you believe spammers should be able to buy their way to hosting? Some hosting providers have allowed spammers to stay by allowing them to pay a premium hosting fee.
Stopping Spammers
I have WHM 11.1.0 cPanel 11.2.1-C11635 FEDORA 4 i686 - WHM X v3.1.0, PHP Version 4.4.4. I'm not sure what my Apache version is. I want to try this: http://www.webhostgear.com/232_print.html It says it's for Apache 1.3x, PHP 4.3x. Will that work on my server? Will it be safe to try?
How To Stop Spammers
I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue:
Quote:
1HiU0X-0006Y3-O6-H
mailnull 47 12
<>
1177932329 0
-ident mailnull
-received_protocol local
-body_linecount 78
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1177932333
-localerror
XX
1
vrroark@freemail.ru
144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)
 id 1HiU0X-0006Y3-O6
 for vrroark@freemail.ru; Mon, 30 Apr 2007 12:25:06 +0100
045 X-Failed-Recipients: download@host.zaggs.com
029 Auto-Submitted: auto-replied
058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>
024T To: vrroark@freemail.ru
059 Subject: Mail delivery failed: returning message to sender
047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>
038 Date: Mon, 30 Apr 2007 12:25:06 +0100
1HiU0X-0006Y3-O6-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
 download@host.zaggs.com
 (generated from abraham@keysupplier.com)
 retry timeout exceeded
------ This is a copy of the message, including all the headers. ------
Return-path: <vrroark@freemail.ru>
Received: from [220.157.245.77] (port=3648 helo=localhost.localdomain)
 by host.zaggs.com with smtp (Exim 4.63)
 (envelope-from <vrroark@freemail.ru>)
 id 1HiU0X-0006Xu-7r
 for abraham@keysupplier.com; Mon, 30 Apr 2007 12:25:06 +0100
Message-ID: <10fb01c78b19$683b6042$8bc8505a@freemail.ru>
From: Noticeable <vrroark@freemail.ru>
To: abraham@keysupplier.com
Subject: I am 79 years young!
Date: Mon, 30 Apr 2007 14:19:48 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that. How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.
Hackers..spammers..
I've been on yet-another crusade this morning..and have a few questions for the..umm.."general" hosting audience. We live in odd times. If you told me that script kiddies might be able to completely compromise a server via php..or that spammers are now using the webserver *itself* to send spam a few years ago..I would have laughed. This is no laughing matter. A concept of privacy comes into play..and I'm curious how many of you handle it. Joe pays me for an account..agrees to my TOS/AUP..and starts uploading files. The way I see it..we have many ways of dealing with scripts that do bad things. It seems to me, though...this may be considered "spying" on our customers. If we have a script..say..that runs every fifteen minutes..and looks for these scripts..wouldn't that be considered spying? Or would this be something we should just bury in our aup/tos that this might happen? I have read and agreed to quite a few of those AUP/TOS things..and I can't remember even one time even a mention that files that I upload to the server may be scanned or inspected..before allowing the file to be placed on the server. Never..not once. However...this may have changed. If you've ever tried to get even a simple Perl script to work on a Cpanel server...you probably understand that many safeguards are there for the sake of everybody else on the server...and may prevent you from doing what you want to do with the script(s). At the same time..though..it seems to fly in the face of common sense that many script packages available today are inherently insecure. Chmod 777 files and directories? Even in the times we live in today and know this is a very, very bad idea? Yet..there seem to be even more like this today than ever before. >>I mention this from first hand experience. One of the many magazines I get had an article detailing the trials the author was having trying to get Simple Groupware working on a vps. Yesterday..I noticed a post with a person wanting something installed on a production server. Not only was the program a beta..but..just like Simple Groupware..looked horribly insecure. In retrospect...I can remember the very first php script I ever used. The year was 1996..and this was my first Cpanel shared account. I even remember having to add *.php to the mime types. It installed without a hitch..and..coming from the Perl world I had spent many years in..and many hours getting those scripts to work..it seemed almost like a miracle. It seems, as hosts, there are a few ways we can go at this.
1) Modify the ftp server so it inspects files
2) Have a program that looks for things..much like rkhunter does.
3) A front-end for all scripts..perhaps MySQL as well..that enforces rulesets..for restricted content..or resource allocations.