I have recently been receiving reports from AOL's feedback loop that my server is sending out spam. I have checked the whole server, but cannot find anything strange.
There are some strange things with these feedback reports. I'll post a few lines below (i crossed out my domain with xxx):
Quote:
Received: from andersenreesel by holderem.xxx.biz with local (Exim 4.23)
Received: (qmail 64859 invoked by uid 24901)
Received: from janislanhami by xxx.biz with local (Exim 4.26)
Received: from raphaelpinkertone by standei.xxx.biz with local (Exim 4.23)
Received: from imanoldelphine by dispatched.xxx.biz with local (Exim 4.23)
Received: from conrado by hostic.xxx.biz with local (Exim 4.23)
The first issue i have is with the subdomains, like "dispatched", "standei", "hostic", etc. These subdomains do not exist on my system. Also, my server does not run the exim MTA.
Another issue i have is the "invoked by uid" statements with uid's 147 and 24901. These UID's do not exist on my system. The passwd file uid's go to around 110.
Apart from these strange things, the IP that is listed in the upper part of the headers:
Quote:
Received: from xxx.biz (xxx.biz [85.xxx.xxx.xxx])
The domain and IP address is correct there, which should indicate that the spam was sent from my system. Or wasn't it?
I host a vBulletin forum on a US server. I've been getting a lot of signups from one particular spammer, wanting to post about gold harvesting for WoW. I've blocked his IP's, however he keeps using proxies.
He constantly signs up under the name "Array"... Is there a way I can block him for good? I can't moderate user sign-ups, as I'm mostly away from my computer and can't moderate them all the time.
None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
[root@sm4 ~]# /root/qmHandle -m3261696
-------------- MESSAGE NUMBER 3261696 -------------- Received: (qmail 7056 invoked from network); 16 May 2007 05:34:18 -0500 Received: from axicom.net (HELO User) (67.112.176.250) by 14.32.5446.static.theplanet.com with SMTP; 16 May 2007 05:34:18 -0500 Reply-To: <notice@boamilitary.com> From: "Bank of America Military Bank"<notice@boamilitary.com> Subject: Notification from Bank of America Military Bank Date: Wed, 16 May 2007 04:44:51 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
None of domain in this email is hosted with us but there are thousand of emails day some body blast in our queue. We are failed to detect. We have enabled phpnobody spam logging but failed to get track of this user.
how to catch this spammer. There are no clues of to catch him.
Now first I will say I have NO idea how such spamming works, how a punk can get on my server and sent emails out.
I have had a team to look at it they also did something, but now it happens again for the 5th time, what can i do, are there any software or tools one can use like a antivirus to check the server and how can I avoid such sh..
I just found posts every a few days from an apparent spammer "sagepowder" in my forum (not so popular and has nothing to do with skiing). The subject is always "new here".
The content is "Any snowboarders or skiiers on this forum? I am planning a trip to BC on a snowboarding trip next week" or "I am new here, just saying hello".
I checked the apache log and it doesn't seem to be a robot script posting this. i.e. it browses to the index page, picked up my hidden field that blocks robots, post new topic, the go back to index page.
What surprised me is that when I google this guy, I got 108,000 results with the same content on tons of forums! All with total post number of 1 or 2 on each forum: [url]
I recently moved web services for one of my hosted domains (let's call it example.com) from one server (let's call it .org) to another server (let's call it .net) example.com has been on .org for about 5 years. .org handled all example.com web services, and all email. I recently updated example.com's DNS record to point www.example.com and example.com to the .net server. I didn't change the MX record or mail.example.com to point to .net. Mail continues to be delivered normally to example.com on the .org server.
Except now spammers are hitting the .net server, e.g.
Is it normal practice for spammers to send dictionary attack based spam to a domain's server that doesn't even handle email? All the spam coming is clearly just random email addresses not based on anything that exsists at the domain, and most of the addresses are so very random I can't imagine they exsist anywhere.
For about a month or so now I have a domain I host under serious attack from what I think are spammers. It's a wordpress site, and they are getting big numbers of POST requests to the WordPress comments file, e.g.
Code:
POST /wp-comments-post.php HTTP/1.1 It's a well distributed attack, and I'm doing well with some scripts I wrote to block the requests to the wp-comments-post.php file. The real comment file has long since been moved, so any POST to the file gets firewalled. It's several thousand IPs from all over the place.
I don't believe it's a malicious attempt to bring the site down, but I'm guessing it's a blog comment spammer that has something set wrong and he's pounding this site to death by accident. I could be wrong on that though.
Sometimes my clients install untrusted scripts to their account what causes spamming, because these scripts sending high number of spam emails. Is there an automatically way to disable php mail function, or disable the account temporary?
if you use a site monitoring service (or two) do you need to setup monitors for each website/domain on your VPS or can you just monitor the primary services on the VPS?
I have a windows vps and I want to monitor my bandwidth. How can I do this? I tried using a program called DU Meter but it's counting bandwidth on all users on that node and not mine =[
I want to monitor my application to make sure it is 24x7 uptime, if there is anything interrupt, I will be notified by email/SMS right away. There are several web monitoring service, but they all monitor ports, not application. I have bad experience, like, althoguh the web server is alive, but the application is already dead.
So, I want to monitor application instead of monitor a port. Anybody knows where I may find this kind of service?
What does everyone use to monitor their servers? I've come across a pretty impressive service from Panopta but haven't head of them before. Has anyone tried them out?
Does any one know a bandwidth monitor that shows me stats and which programs or Ports and or Servers are using bandwidth and how much they are using in real time?
I see a lot of web hosts that link to webhostingstuff.com which tracks the uptime of their main page. i would like to offer a similar service, where i track and list the uptime of hosts. can anyone point me in the proper direction for this? is there a particular script that I can purchase? how is this done?
Don't know if this is the right place to ask for this but here goes.
I have a 20U rack space and i use 4U of this space (1U + 2U servers and a 1U switch).
There is a 20Mbit internet connection on a 100Mbit network.
But here comes my problem, some friends have there servers in my rack space to, There is 12 servers that are my friends and i want to know how much traffic they use.
I want to know how many GB traffic they use to i can charge them (they don't pay right now).
2 of my friends servers must max take 50gb traffic!
My server has a tyan thunder 8kse (s2892) motherboard, and i'm looking for some script to monitor it. Unfortunately, tyan only offers such applications for windows. So, how can i monitor the motherboard in linux? Or preferably, webbased.
We have a few customers who have multiple C classes with us and we are wondering how most of you monitor for blacklisting.
We currently randomly pick a few IPS and check them once a month but this is not very thorough. We were wondering if there is a program out there that can check say a /20 automatically once a month or atleast something we can initiate an automated check once a month with?
