Email Security From Spammers

Oct 3, 2006

I have two domains that I haven't set email up for yet. One is hosted on a good plan that uses cPanel. The other has some not-so-user-friendly interface.

In either case, I haven't set up email because I don't know how to separate truth from fiction. I know of the front-end measures of cloaking an email link to your site using hex or some other hack so it doesn't show up to spiders and bots.

I also heard a rumor that using generic "webmaster@" on any domain is a surefire way for these bots to spam through. So is that true? Should I name my link like "thiswebmaster@" instead ? (or to that effect?)

What can I do to prevent too much (relatively speaking I guess) spam coming in?

View 0 Replies


Spammers Use My Server To Send Out Email

Oct 19, 2007

I think someone has successfully made my server send out emails. How do I know this?

It's because I saw many returned emails saying that the emails sent out to their inbox are considered spam. I mean a lot; for instance, within 1 second there are more than 10 mails.

Can someone help explain to me how I can find the culprit and fix the problem?

View 14 Replies View Related

Stop Spammers From Spoofing My Email Domain

May 4, 2007

Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (gibberish)@mydomain.com, which was annoying but not that constant.

I came online this morning to check my mail and had over 1200 e-mails and all of them have "online@wellsfargo.com" as the "From:" address, but the message-ID has my domain name in it..

Quote:

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@host.mydomain.com>
Received: from nobody by host.mydomain.com with local (Exim 4.63)
(envelope-from <nobody@host.mydomain.com>)
id 1Hju9b-0002y3-TH
for lwilder1999@yahoo.com; Fri, 04 May 2007 05:32:43 -0400
To: lwilder1999@yahoo.com
Subject: Update Your Account Records
From: Wells Fargo Online <online@wellsfargo.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com>
Date: Fri, 04 May 2007 05:32:43 -0400

There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?

View 6 Replies View Related

How To Stop Spammers From Using Your Domain/email To Send Out Spam?

May 15, 2008

I've been getting a lot of "Undeliverable" emails sent to my email address. On these messages, the spammer is using my email on the "From" part of the email...... So whenever he sends out spam, the person(s) getting spammed think it's from me..... And the thousands of Undeliverable email error messages are also sent to me.

Is there a way to stop this from Happening? ....... Besides changing my email address?

View 3 Replies View Related

Email & VPN & Web Security

Feb 2, 2008

Questions about web security and my problems. Please help me with them.

1) I have email on Gmail and Yahoo. Frequently I see changes in my settings in my Gmail, Yahoo and Orkut accounts.
Sometimes I see that somebody has removed some items.
Sometimes I see that somebody has sent mail from my email!

2) Unfortunately, Yahoo, Gmail and Orkut do not give any information about last login and last logout.
But I see that much simple forum software gives this info to the user.

3) The Iranian government has forbidden many websites, so in Iran many people use a VPN to access filtered (censored) websites.
Some people in Iran sell VPN accounts, and we set an IP and get some settings info for creating a VPN account (tunneling).

4) I heard all Iranian ISPs are controlled by the political police of Iran.

************

Q1) Is there any famous and secure email provider where:

a) after login I can see my last logout and last login in my panel, like vBulletin?

b) I can capture a log, so I can see at what date and time and which person sent mail from my account?

c) Is there any email provider that checks the CPU ID or another hardware ID at login, and allows login only if these are legitimate and belong to that user?

Q2) Can the owner of a VPN access the secure information of its users?

Q3) Is there any technical method by which an ISP can access the email and other accounts of users?
For example, cookie robbing or listening?

Q4) If I buy satellite receiving and my sending provider is an Iranian ISP,
will security be better?

View 0 Replies View Related

Security Email Service

Mar 31, 2007

security email service for some business email at mynamedomain.com. Can you recommend such service that is impossible to hack?

I use Mail 2 client (Mac OS X). Does it have security options?

View 4 Replies View Related

Spammers On VPS

May 17, 2009

Any thoughts, or opinions are welcome. Looking for options on how to stop this.

Recently I've started receiving spam that appears to originate from a hosted domain on my VPS. It appears to only be an issue with this website account and not the VPS generally.

I've disabled the IMAP service to ensure the spam was not being sent from the server. The spam continues which leaves the POP email accounts as a possibility or something else.

My hosting provider says it looks like email spoofing.

Someone seems to be using the address at foobar.com to send out spam. The method that he has employed is called email spoofing. Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else. However, you need not be concerned.

Individuals, who are sending "junk" email or "SPAM", typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator. The spammer is not using our server to send out spam, hence your email address will never be blacklisted.

There is really no way to prevent receiving a spoofed email. Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.

The following are headers of two spam emails. Both of these addresses are setup as forwarders and not actual email accounts. The spam came to our attention because it is being sent to addresses on foobar.com with headers as also originating from foobar.com

I changed the actual names for privacy
host.vpsdomain.com [123.123.123.123] - VPS domain
foobar.com - website account on VPS
myemailaccount@gmail.com - address foobar forwarders send to

Delivered-To: myemailaccount@gmail.com .....

View 1 Replies View Related

Spammers Help

Jan 26, 2007

It looks like someone is spamming from our server. I have checked exim_mainlog and got this info.

The log file is showing this.

2007-01-22 19:11:24 1H99Fz-0004wm-Vp <= <> R=1H99Fz-0004wl-RV U=mailnull P=local S=605030
2007-01-22 19:11:24 1H99Fz-0004wl-RV <= stlawson100@yahoo.com.hk U=churchre P=local S=3558 id=23894.217.194.149.171.1169511083....el@65.xx.xx.xx

I couldn't find who is sending.

View 14 Replies View Related

Spammers

Dec 15, 2007

problem with spammers.. i installed bruteforce attack and apf but spammers still trying to use my mail server to spam.. bfa sending me 20-30 warning emails everyday like

Quote:

The remote system 200.83.230.214 was found to have exceeded acceptable login failures on xxxxxx; there was 62 events to the service exim. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

Executed ban command:
/etc/apf/apf -d 200.83.230.214 {bfd.exim}

The following are event logs from 200.83.230.214 on service exim (all time stamps are GMT -0600):

These spammers are causing very high CPU load and sometimes freeze my server.

Is there any way I can set it up to only allow authenticated users to access the mail server? Or any ideas..

I'm not a hosting company hosting my websites and I'm a poor guy who can't hire a server admin.. and I have searched on Google and couldn't find anything..

View 5 Replies View Related

Joomla Security / Linux Security

Apr 4, 2008

I run a web hosting company and one of my servers is a LAMP server running CentOS 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.

When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.

However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.

Also, does anyone know how to change the owner/group of a directory and all of its subdirectories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent, but if I do a top-down user/group change on the folder it will change everything in that folder to 0755.

View 10 Replies View Related

How To Stop Spammers?

Jun 30, 2008

I was wondering if anyone has any methods to stop spammers? Currently I am keeping watch on the mail queue and making sure there is nothing unusual. I have the WHM configuration set up to not allow more than 200 mail messages per account per hour, but for some reason it will hit thousands. WHMCS does seem to suspend them automatically, or maybe it's because of WHM, BUT only when it's too late.

Any thoughts or suggestions?

View 9 Replies View Related

Spammers Hotlinking

Nov 8, 2009

I have found some spammer hotlinking to my images to get his site crawled, I have modified the .htaccess to attempt and serve his hotlinking domain with a warning but it does not work...

My actual .htaccess file is the one below (it was created by wordpress automatically):

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

I am adding these lines right below:

--------------------------------
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+.)?spammerdomain.com/ [NC,OR]
RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]
------------------------------------

My questions...

I don't know too much about what I am doing; I am following the tutorial here, http://altlab.com/htaccess_tutorial.html but the problem is that my .htaccess already contains something created by WordPress that to me looks like garbage, as I don't understand the meaning.

I don't know if I should add the lines inside the <IfModule mod_rewrite.c> or outside them as I have done.

I don't know if it is OK to have RewriteEngine On two times.

PS: When I added the lines I describe above, my site also stopped displaying the images; I had stopped everyone including myself from hotlinking them. I only want to stop a certain domain. Or even better, my ideal solution is to WHITELIST my domain names (I have two hotlinking to those images), but I will settle for a blacklist if it is easier.

View 9 Replies View Related

How To Stop Spammers ...?

Jun 2, 2009

I have a persistent spammer who keeps emailing my clients, even non-existent domain accounts, and getting the bounced emails sent to a particular Yahoo address. I tried to block him in all ways but can't seem to stop him. His spam comes from all over the world. Any suggestions?

View 3 Replies View Related

How To Catch The Spammers?

Jun 3, 2007

I have someone on my server who likes to send spam emails. How would I go about catching this person?

View 13 Replies View Related

Protecting Against Spammers?

Jan 29, 2008

I was on my visitors on AWstats, and when looking up most of the top IPs (the ones that viewed the most pages), most of them were associated with IANA, and tagged as spam/hacker IPs.

Of course, I've blocked all of those IPs with my .htaccess file, but how can I further protect my server from such threats? How can I rid my server of these spammers/hackers?

View 3 Replies View Related

How-To: Find PHP Nobody Spammers!

Apr 9, 2004

Someone posted some code similar to the below. I made a modification or two after trying to detect PHP "nobody" users; after dumping a few printenv I found PHP exports PWD when calling an external program such as sendmail. Basically the PWD will show the user directory that it is coming from, which is enough to detect who is sending SPAM even as nobody! It's not 100% secure in that they could wipe /var/log/formmail, but I don't imagine any spammer will notice the logger; they presume any cPanel server (or other CP for that matter) is the same.

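mv /usr/sbin/sendmail /usr/sbin/sendmail.real
pico /usr/sbin/sendmail (paste the below code into it)
chmod +x /usr/sbin/sendmail
echo > /var/log/formmail
chmod 777 /var/log/formmail

#!/usr/local/bin/perl
# Logging wrapper installed in place of sendmail: it records who called it,
# then passes the message on to the real binary unchanged.

use strict;

my $date = localtime();    # human-readable timestamp

# Append to the log file created by the setup commands above.
open(my $info, '>>', '/var/log/formmail') || die "Failed to open file ::$!";

my $uid  = $>;             # effective UID of the caller (e.g. nobody)
my @info = getpwuid($uid);

if ($ENV{REMOTE_ADDR}) {
    # Called from a CGI context: log the client address and the script.
    print $info "$date - $ENV{REMOTE_ADDR} ran $ENV{SCRIPT_NAME} at $ENV{SERVER_NAME}\n";
}
else {
    # Called from PHP: PWD shows the directory of the sending account.
    print $info "$date - $ENV{PWD} - @info\n";
}
close($info);

my $mailprog = '/usr/sbin/sendmail.real';

# List-form pipe open: the arguments go straight to the real sendmail
# and are never interpreted by a shell.
open(my $mail, '|-', $mailprog, @ARGV) || die "cannot open $mailprog: $!";
while (<STDIN>) {
    print $mail $_;
}
close($mail);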

View 14 Replies View Related

Finding Spammers

Jul 31, 2007

Trying to find a spammer on my system, who just sent out and is still sending out 4000+ emails...

I have a CentOS VPS with WHM.

Looked at exim_mainlog, there's nothing telling. The message body is visible, but the links it points to aren't hosted by me. There is no return address, it's sending mail as nobody. phpsuexec is not an option.

View 6 Replies View Related

Distinguish Spammers

May 14, 2007

I need to know the ways I can distinguish spammers on my server and how to stop spamming.

View 10 Replies View Related

Our Smtp Being Used By Spammers

Nov 3, 2009

I have a dedicated Windows 2008 server, and for the last 2 days something has been using our SMTP server to send spam; we get thousands of spam emails queued in our outbound queue, although our security is really high: SMTP authentication (open relay) and other options are already enabled, and we ran an antivirus scan too but nothing was found.

I wonder if there is anyone else out there who has faced such a problem, and how did you stop it?

View 6 Replies View Related

Hosting Spammers

May 9, 2009

As hosting providers, it is important to follow the standard industry supported AUP/TOS agreements to keep spammers in their place. Do you believe spammers should be able to buy their way to hosting? Some hosting providers have allowed spammers to stay by allowing them to pay a premium hosting fee.

View 14 Replies View Related

Stopping Spammers

May 13, 2007

I have WHM 11.1.0 cPanel 11.2.1-C11635
FEDORA 4 i686 - WHM X v3.1.0
PHP Version 4.4.4
I'm not sure what my apache version is.

I want to try this:
http://www.webhostgear.com/232_print.html

It says it's for Apache 1.3x, PHP 4.3x

Will that work on my server? Will it be safe to try?

View 8 Replies View Related

How To Stop Spammers

Apr 30, 2007

I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue:

I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that.

How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.

View 5 Replies View Related

Hackers..spammers..

Sep 27, 2007

I've been on yet-another crusade this morning..and have a few questions for the..umm.."general" hosting audience.

We live in odd times. If you told me that script kiddies might be able to completely compromise a server via php..or that spammers are now using the webserver *itself* to send spam a few years ago..I would have laughed. This is no laughing matter.

A concept of privacy comes into play..and I'm curious how many of you handle it. Joe pays me for a account..agrees to my TOS/AUP..and starts uploading files. The way I see it..we have many ways of dealing with scripts that do bad things. It seems to me, though...this may be considered "spying" on our customers.

If we have a script..say..that runs every fifteen minutes..and looks for these scripts..wouldn't that be considered spying?

Or would this be something we should just bury in our aup/tos that this might happen? I have read and agreed to quite a few of those AUP/TOS things..and I can't remember even one time even a mention that files that I upload to the server may be scanned or inspected..before allowing the file to be placed on the server.

Never..not once.

However...this may have changed. If you've ever tried to get even a simple Perl script to work on a Cpanel server...you probably understand that many safeguards are there for the sake of everybody else on the server...and may prevent you from doing what you want to do with the script(s).

At the same time..though..it seems to fly in the face of common sense that many script packages available today are inherently insecure. Chmod 777 files and directories? Even in the times we live in today and know this is a very, very bad idea?

Yet..there seem to be even more like this today than ever before.

>>I mention this from first hand experience. One of the many magazines I get had an article detailing the trials the author was having trying to get Simple Groupware working on a vps.

Yesterday..I noticed a post with a person wanting something installed on a production server. Not only was the program a beta..but..just like Simple Groupware..looked horribly insecure.

In retrospect...I can remember the very first php script I ever used. The year was 1996..and this was my first Cpanel shared account. I even remember having to add *.php to the mime types.

It installed without a hitch..and..coming from the Perl world I had spent many years in..and many hours getting those scripts to work..it seemed almost like a miracle.

It seems, as hosts, there are a few ways we can go at this.

1) Modify the ftp server so it inspects files

2) Have a program that looks for things..much like rkhunter does.

3) A front-end for all scripts..perhaps MySQL as well..that enforces rulesets..for restricted content..or resource allocations.

View 1 Replies View Related

Want To Ban Spammers? 8 Easy Steps

Feb 20, 2008

1. Install CSF

2. Install Iptables if it's not installed (apt-get install iptables on redhat/centos)

3. In WHM under "# ConfigServer Security&Firewall" click on firewall deny ips

4. Open a 2nd window, Goto Main >> Server Status >> Apache Status

5. Check if there are any spammers with lots of connections to a specific file, that's how I got a lot of the IP's.

6. Goto http://ws.arin.net/whois/?queryinput=99.225.243.201

7. Enter the IP you found at "Server Status" and enter it at ws.arin.net to get the proper CIDR which you can easily add to your CSF deny hosts file (which is open in another window)

8. Get a tea and watch the server status closely.

View 8 Replies View Related

Find And Kill Spammers!

May 18, 2007

Just got alerted that my server is being used to send spam. Here is the information the datacenter gave me:

[information .....]

NOTE: I changed the real domain name and IP only.

Is there an expert who can help me decipher this? How do I find the culprit? My provider is threatening to shut me down and sink all my clients with the ship!

I am running the latest WHM and cpanel server, fyi.

View 14 Replies View Related

How To Catch Localhost Spammers

Jun 19, 2007

I have failed to catch this spammer, please help me to find out the source. There is no such domain on my server. The user is using localhost in SMTP; I am using MailEnable Standard on my server ....

View 2 Replies View Related

Uncovering Comment Spammers -- What Are They Doing?

Jun 15, 2009

A lot is known about e-mail spammers, both due to lots of investigations into them and due to some "ex-spammers" talking about what they've done. And it's widely known that they're using infected PCs now.

But what about comment spam? I've been dealing with it a lot at work, and am noticing some oddities. A good amount tends to come from countries where labor can be had cheaply, and watching logs on pages with captchas suggests that they're doing it slowly enough that they're probably just doing it by hand. Unlike the scripts I'd been used to (which would just hammer out POST requests to forms as fast as they could), some spammers are now loading pages on which the comment form resides, waiting a few seconds, and then submitting the spam with a sensible HTTP referrer -- it's as if someone is actually sitting there and copying-and-pasting spam. It seems really odd to me that someone is actually sitting there manually posting spam, though.

Comment spam tends to come from a few areas of the world -- the poverty-stricken parts of Asia; Russia, Africa, and Latin America in particular -- and yet it's often hyping products in other parts of the world. Has anyone found what I'm thinking are US-owned shops paying third-world spammers? Is that what's actually happening?

And other nonsense reigns. Some of the spam getting posted to my employer's site links to sites that, according to whois records, have never existed. A LOT of other spam has egregious formatting errors -- BBCode on a site that doesn't support it, or malformed links (mysite.com/www.spamsite.com) posted over and over again. It's like they're either so clueless that they have no idea that their spam doesn't work, or that they're just being paid by post or something and so they don't even care if the links work.

Has anyone (not necessarily personally) ever tracked down exactly what this "industry" is up to? Even though it seems like a simple extension of e-mail spam, there's a lot of odd behavior that makes me think it's actually quite different, and now I'm really curious.

View 0 Replies View Related

Spammers Impersonating My Domain

Jul 4, 2008

I'm receiving tons of "Mail Delivery Failure" emails lately, like hundreds a day.

Today I opened a few to check what's going on... And basically these emails say a message could not be delivered due to a random error.

What intrigued me was that emails from my domain were the alleged sender or were in the reply-to field.

Those email accounts do not even exist under my domain. And the spam messages were not sent from my server, as is clear in the body of the delivery error email.

So the situation is I have a spammer sending out thousands of emails a day impersonating my domain.

You can see a copy of the emails I'm getting here: http://cl1p.net/delivery_error

Why's the spammer doing this? Why the need to impersonate my domain?

And how can I stop him?

I think I might have a problem with my SPF rules, too loose! How to tighten it?

View 2 Replies View Related

Htaccess Block Spammers

Mar 13, 2007

On my domain access logs, I see a spammer using many different IPs to join my top site list with fake emails. At the end of every line, it contains I am SPAMER! How can I configure htaccess to block this spammer when a request contains that text?

View 3 Replies View Related

Spammers Ruining My Server

Aug 9, 2007

I just opened my "catch-all" email pop account that sends me everything addressed to my server that doesn't have an assigned email address. I check it every few days.

Over 4,500 undeliverables. Someone is using mydomain as a phony return address in different forms (gleskit@mydomain.com, peterepred@mydomain.com etc.) If I got over 4,500 undeliverables, these lowlife creeps must have sent innumerable thousands or tens of thousands using my domain as a return address.

What really stinks is that I've had a bunch of users complain that they're not getting usual auto-messages from my forum software. Come to find out that my domain is now banned from at least one major ISP, I'm guessing probably more by now.

The website I run depends heavily on VOLUNTARY auto-communications and updates. For example, one mailing list I maintain has over 4,800 members who've signed up for updates. It uses other feeds and email functions as well.

Am I to understand that any jackass spammer can hose a server this way, with no redress on the part of the innocent party? Also, how am I going to get back in the good graces of the ISPs and personal anti-spam programs that have now blacklisted my server for no reason?

Besides contacting all of the larger ones personally, I wouldn't even know where to begin addressing this.

Is it possible that some nasty geek with a spam program can just ruin a server in this fashion?

Just checked the account again.

In the ten minutes it took me to write the above post, I just got 54 more undeliverables.

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved