/home/longpt/public_html/configuration.php
/home/longpt/public_html/CHANGELOG.php
/home/longpt/public_html/configuration.php-dist
and I receive thousands of returning email but I don't send them.
Code:
This is the mail delivery agent at messagelabs.com.
I was not able to deliver your message to the following addresses.
<nolan1@mailbox.ulcc.ac.uk>:
128.86.238.34 does not like recipient.
Remote host said: 550 rejected
--- Below this line is a copy of the message.
Return-Path: <nobody@hn.luatgiapham.com>
X-VirusChecked: Checked
X-Env-Sender: nobody@hn.luatgiapham.com
X-Msg-Ref: server-13.tower-82.messagelabs.com!1188346634!60747442!1
X-StarScan-Version: 5.5.12.14.2; banners=-,-,-
X-Originating-IP: [203.162.168.24]
X-SpamInfo: filtered by Signaturing System
X-Spam-Flag: YES
X-SpamReason: Matched rules 111461236, 114223405
Subject: {Spam?} Automated Security Notice
Received: (qmail 19117 invoked from network); 29 Aug 2007 00:17:31 -0000
Received: from unknown (HELO hn.luatgiapham.com) (203.162.168.24)
by server-13.tower-82.messagelabs.com with AES256-SHA encrypted SMTP; 29 Aug 2007 00:17:31 -0000
Received: from nobody by hn.luatgiapham.com with local (Exim 4.63)
(envelope-from <nobody@hn.luatgiapham.com>)
id 1IQ8CZ-00071e-H1
for nolan1@mailbox.ulcc.ac.uk; Tue, 28 Aug 2007 21:02:19 +0000
To: nolan1@mailbox.ulcc.ac.uk
From: NatWest Bank <online.security@natwest.com>
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 8bit
Message-Id: <E1IQ8CZ-00071e-H1@hn.luatgiapham.com>
Date: Tue, 28 Aug 2007 21:02:19 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hn.luatgiapham.com
X-AntiAbuse: Original Domain - mailbox.ulcc.ac.uk
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - hn.luatgiapham.com
X-Source:
X-Source-Args:
X-Source-Dir:
I have a VPS and I am wondering if anyone knows any way in which to make it so that emails sent from the server are not seen as spam by hotmail and the likes.
Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (jibberish)@mydomain.com which was annoying but not that constant.
I came online this morning to check my mail and had over 1200 e-mails and all of them have "online@wellsfargo.com" as the "From:" address, but the message-ID has my domain name in it..
Quote:
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@host.mydomain.com> Received: from nobody by host.mydomain.com with local (Exim 4.63) (envelope-from <nobody@host.mydomain.com>) id 1Hju9b-0002y3-TH for lwilder1999@yahoo.com; Fri, 04 May 2007 05:32:43 -0400 To: lwilder1999@yahoo.com Subject: Update Your Account Records From: Wells Fargo Online <online@wellsfargo.com> Reply-To: MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit
Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com> Date: Fri, 04 May 2007 05:32:43 -0400
There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?
I've been getting a lot of "Undeliverable" emails sent to my email address. On these messages, the spammer is using my email on the "From" part of the email...... So whenever he sends out spam, the person(s) getting spammed think it's from me..... And the thousands of Undeliverable email error messages are also sent to me.
Is there a way to stop this from Happening? ....... Besides changing my email address?
my DNS stop resolving, once a day i need to restart the service in cpanel/whm , what can be done to prevent that ?
its a fresh vps only cpanel is there and 2 domains with no pages just a simple under costruction index page . in CSF i have a Your Score: 106/112 in security , it firewalled and hardened
right now is using 299 of ram out of 512 burstable to 768
I was wondering if anyone has any methods to stop spammers? Currently i am keeping watch on the mail queue and making sure nothing unsual. I have in WHM configuration setup to not allow more 200 mail messages per account per hour but for some reason it will hit thousands. WHMCS does seem to suspend them automatically or maybe its because of WHM BUT only when its too late.
Have a persistent spammer who kept emailing my clients, even non existent domain accounts and getting the bounced emails to be send to a particular yahoo address. I tried to block in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?
By mistake instead of using gunzip file name on my friend's vps, I had used gunzip -c filename
and its taking hell a lot of time to unzip it, I have no clue on how to stop this and I am scared if I close ssh client, it might be still adding load to the server ..
I am unzipping an 4.5mb file, which on un-compression must be around 14.5mb ..
for the past 10 mins its still unzipping and not sure how long it will go on.. unless I stop it..
a site i manage for a client is being hacked every couple of days, its not the actual site but the hosts server thats getting attacked, all sites on that server, well actually all thier servers.
They have made no attempt to sort this problem, i report it they look at the site and say "site loads fine for us" which it does.
All index files are having a base64 encode line written after the <body> tag, this adds hundreds of spam links which are hidden with display:none; they also add .html to application types in htaccess for php to run in these files too.
Problem is, i am moving the site to another host but cannot change the nameservers to the new host's untill the client returns from a holiday, so i must keep the site up on the insecure host for now.
I am removing the spam code almost daily, is there anyway i can stop this attack happening for the time being, the host does nothing.
Is there a way to stop hotlinking? I have a client who has a blog. They have post pics of tattoos. Now there are at least 50 tattoo forums, blogs and other sites hotling to the pics. Now his bandwidth usage has skyrocketed. So enable hotlink protection in his cPanel. Just did a redirect to my main hosting site with a nice please stop hotlink image. Now I see all this in my logs. So I then made a 150 x 9000 clear BG gf with the text at the top please stop hotlinking.
My questions is there any way to stop it. If not should I just make a 1x1 clear gif to redirect to? Also is there a way to not have this traffic show in my log files?
I have received quite a few emails from senders claiming to be the recipients [in this case one of my email accounts]. I did not send these emails. This is happening with almost every email account I have setup on one of my domains.
I know this is probably an easy fix-- I am simply unsure of what it is.
I noted that someone else recently posted a similar question-- with only one response. I wanted to see if another post my garner another response.
i've a vps with iptables, but i've too much traffic (RX), there are too many packets received from random ports on both upt and tcp. Today in just 14 hours i've 2.8 gib of traffic, without any connection for web, email, etc (i've stopped all the services). How can i stop this? it's going to burn all my monthly traffic
to stop supporting php.ini files in clients account because they can turn off safe mode or any fucntions and options and they can hack server! how i can stop supporting this files
I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue:
Quote:
1HiU0X-0006Y3-O6-Hmailnull 47 12<>1177932329 0-ident mailnull-received_protocol local-body_linecount 78-allow_unqualified_recipient-allow_unqualified_sender-frozen 1177932333-localerrorXX1vrroark@freemail.ru144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)id 1HiU0X-0006Y3-O6for vrroark@freemail.ru; Mon, 30 Apr 2007 12:25:06 +0100045 X-Failed-Recipients: download@host.zaggs.com029 Auto-Submitted: auto-replied058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>024T To: vrroark@freemail.ru059 Subject: Mail delivery failed: returning message to sender047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>038 Date: Mon, 30 Apr 2007 12:25:06 +01001HiU0X-0006Y3-O6-DThis message was created automatically by mail delivery software.A message that you sent could not be delivered to one or more of itsrecipients. This is a permanent error. The following address(es) failed: download@host.zaggs.com (generated from abraham@keysupplier.com) retry timeout exceeded------ This is a copy of the message, including all the headers. ------Return-path: <vrroark@freemail.ru>Received: from [220.157.245.77] (port=3648 helo=localhost.localdomain)by host.zaggs.com with smtp (Exim 4.63)(envelope-from <vrroark@freemail.ru>)id 1HiU0X-0006Xu-7rfor abraham@keysupplier.com; Mon, 30 Apr 2007 12:25:06 +0100Message-ID: <10fb01c78b19$683b6042$8bc8505a@freemail.ru>From: Noticeable <vrroark@freemail.ru>To: abraham@keysupplier.comSubject: I am 79 years young!Date: Mon, 30 Apr 2007 14:19:48 +0300MIME-Version: 1.0Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"X-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Outlook Express V6.00.2900.2180X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180This is a multi-part message in MIME format.------=_NextPart_000_0000_9E7D5C31.01A57A34Content-Type: text/plain; charset="iso-8859-1"Content-Transfer-Encoding: 7bit A few words about HGH LifeI have been taking HGH Life for five weeks and there is a noticeable improvementin me overall. Waking up without muscular pain is the most obvious! WhenI run out, I shall be ordering as much as my pension will allow. I am inEngland and am 79 years young!Order HGH Life online ------=_NextPart_000_0000_9E7D5C31.01A57A34Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printable<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><META http-equiv=3DContent-Type content=3D"text/html; =charset=3Diso-8859-1"><META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR"></HEAD><BODY text=3D#000000 bgColor=3D#ffffff><font size=3D"3" face=3D"Times New Roman"><p align=3D"center"><font =face=3D"Arial" color=3D"#009900" size=3D"5"><strong>A few =words about HGH Life™</strong></font></p><p align=3D"center"><font face=3D"Arial">I have been taking HGH =Life™ <strong>for five weeks </strong>and there is a noticeable =improvement in me overall. Waking up without muscular pain is the most =obvious! When I run out, I shall be ordering as much as my pension will =allow. I am in England and am <strong>79 years =young</strong>!"</font></p><p align=3D"center"><a href=3D"http://worldwdefull.com"><strong><font =face=3D"Arial" color=3D"#ff6600" size=3D"4">Order HGH Life™ =online</font></strong></a></p></font></BODY></HTML>------=_NextPart_000_0000_9E7D5C31.01A57A34--
I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that.
How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.
I have my own server which I use for my own websites.
I use the following features of WHM -
Creating accounts Deleting accounts Creating "packages" for my accounts Restarting services ...and possibly one or two other items once or twice a year.
I use the following features in Cpanel -
Checking statistics Adding e-mail accounts ...and possibly one or two other items once or twice a year.
I'd like to break the (small) WHM/Cpanel habit I have and do all of the above via the command line.
One of the servers have 1 account on, but seems like its extremely attacked. I cannot SSH and many packet loss. so I asked softlayer and they access it and said its a SYN Flood as from the /var/log/messages (I cannot see it as the server is not accessable) they put the main public ip under Cisco guard but still didn't help. when I asked for any solution, unfortunaly I were told there isn't and have to wait the attackers to stop as it comes from MANY addresses that iptables even won't help.
Isn't there any solution (software-hardware) to stop that ?
