Knowledgebase

Spammers keep sending out spam from my server and I can't stop it

Posted by SubZeroHost, 03-23-2010, 03:23 PM
Okay so on my VPS someone keeps sending out spam on my server and now my host has nulled my IP. So please help so I can get my VPS back up. I was told to run to stop these spammers and it seems to stop it for a couple of weeks but then I start getting the spam complaints again from my host. So if you know how to block these spammers then please help me. VPS Operating System:

Posted by vapetrov, 03-23-2010, 04:22 PM
Here are iptables rules which allow connections to remote SMTP servers only for user root and members of group mail. Connections to local 127.0.0.1 are allowed for everybody.

    -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable

But it will not solve the root problem. I strongly suggest you audit your server and find malicious scripts and security holes.

Posted by kencox, 03-23-2010, 04:24 PM
Configure SMTP auth. What mail program are you running? Do you have Web Forms on the server that are not secure?

Posted by SubZeroHost, 03-23-2010, 04:29 PM
I run like 3 WordPress blogs, a few Glype proxies, and a vBulletin forum Version 3.8.3.

Posted by kencox, 03-23-2010, 04:33 PM
Have you installed WordPress captcha? http://wordpress.org/extend/plugins/simple-captcha/

Posted by SubZeroHost, 03-23-2010, 04:39 PM
Doesn't that just stop comment spam? I need to stop email spam.

Posted by kencox, 03-23-2010, 05:06 PM
What is the mail program you are running? sendmail, exim, qmail? If you have a form that sends mail on any of the sites and you are not requiring the email to be sent from your site

    @referers = "www.your-domain.com"

If you have an example of the mail logs that might help as well.

Posted by keserhosting, 03-24-2010, 08:30 AM
Just try to check the maillogs; it will definitely help you to trace the spammers.

Posted by Crashus, 03-24-2010, 10:17 AM
Check out your maillogs, maybe there are a few spammers and you will only need to disable them. Are you using any firewall software like CSF? It is very handy. Hire/ask an admin to help you.

Posted by ksv2nash, 03-24-2010, 12:27 PM
Hello,

optimized my.cnf

Added iptables rules

    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
    iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
    iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
    iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP

Thanks, Regards,

Posted by Crashus, 03-24-2010, 12:28 PM
my.cnf is all about mysql and these rules are not helping with mail at all actually.

Posted by ksv2nash, 03-24-2010, 12:34 PM
Hello, he must have some setting in it

Posted by ksv2nash, 03-24-2010, 12:53 PM
Hello,

Do the following to stop spamming:

Search the php.ini file for:

    disable_functions =

Add the following:

    disable_functions = dl,system,exec,passthru,shell_exec

    register_globals = On

Replace it with

    register_globals = Off

Run PHP through PHPsuexec
Preventing Nobody Access

Posted by SubZeroHost, 03-24-2010, 02:43 PM
Okay so this is what my VPS company I used has told me So I use iptables with Centos. So how do I block all the smtp connections? and to update the packages I just do ?

Posted by Crashus, 03-24-2010, 04:29 PM
okay you really need to install csf for iptables. Have you blocked 25 port in iptables? Have you blocked another SMTP ports?

Posted by SubZeroHost, 03-24-2010, 05:51 PM
The only command I have ran is

Posted by SubZeroHost, 03-24-2010, 06:45 PM
Alright I installed csf do I need to do anything extra to make it work?

Posted by Sileep Kumar M S, 03-24-2010, 07:19 PM
CSF or IPTABLES rules won't prevent spamming. You need to find the exact script which is sending spam, and then block it.

Posted by SubZeroHost, 03-24-2010, 07:25 PM
How can I find the script?

Posted by Sileep Kumar M S, 03-24-2010, 08:00 PM
Which mail server are you using? Qmail, Sendmail, Exim, Postfix?

Posted by SubZeroHost, 03-24-2010, 08:06 PM
I use qmail.
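Added example, not part of the thread: one way to see which local account is queueing the mail, assuming the standard qmail-send log lines (`info msg ... uid N` and `starting delivery ... to remote`). The function name and the sample log are constructed for illustration; where the qmail-send log lives on this server is not known from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a qmail-send log read from
# stdin by the uid and envelope sender that queued each message.
# Output columns: remote_deliveries messages_queued uid sender
qmail_injectors() {
    awk '
    # "info msg N: bytes B from <sender> qp P uid U" records who queued msg N.
    /info msg [0-9]+: bytes / {
        id = sender = uid = "?"
        for (i = 1; i < NF; i++) {
            if ($i == "msg")  { id = $(i + 1); sub(/:$/, "", id) }
            if ($i == "from") sender = $(i + 1)
            if ($i == "uid")  uid = $(i + 1)
        }
        owner[id] = uid " " sender      # qmail reuses ids, so overwrite
        msgs[owner[id]]++
    }
    # "starting delivery D: msg N to remote rcpt" is one outbound attempt.
    /starting delivery [0-9]+: msg [0-9]+ to remote / {
        for (i = 1; i < NF; i++)
            if ($i == "msg" && ($(i + 1) in owner)) remote[owner[$(i + 1)]]++
    }
    END { for (k in msgs) print remote[k] + 0, msgs[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2nr
}

# Constructed sample log (timestamps, ids and addresses are made up).
SAMPLE_LOG='@400000004baa6c1a00000001 new msg 101
@400000004baa6c1a00000002 info msg 101: bytes 1842 from <nobody@vps.example> qp 2011 uid 48
@400000004baa6c1a00000003 starting delivery 1: msg 101 to remote a@example.org
@400000004baa6c1a00000004 starting delivery 2: msg 101 to remote b@example.org
@400000004baa6c1a00000005 info msg 102: bytes 900 from <admin@vps.example> qp 2050 uid 0
@400000004baa6c1a00000006 starting delivery 3: msg 102 to local admin@vps.example
@400000004baa6c1a00000007 info msg 103: bytes 1850 from <nobody@vps.example> qp 2060 uid 48
@400000004baa6c1a00000008 starting delivery 4: msg 103 to remote c@example.org'

printf '%s\n' "$SAMPLE_LOG" | qmail_injectors
```

A high remote-delivery count under the web server's uid points to a script on one of the sites rather than an authenticated SMTP user; `getent passwd <uid>` maps the number back to an account name.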

Posted by SubZeroHost, 03-24-2010, 08:28 PM
I found this in /usr/local/lxlabs/kloxo/log/mail_send

Posted by Negizmo, 03-24-2010, 11:40 PM
Just thought I'd add this bit. Your iptables rule probably only worked for a short period before sporadically becoming ineffective because the VM was rebooted. iptables rules are (generally) lost on reboot. To fix that, you must follow something along these lines: http://linux.derkeiler.com/Mailing-L.../msg03684.html (for RHEL-based)
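Added example, not part of the thread: a shell function that reads rules in iptables-save format and reports whether outbound port 25 is really limited to loopback and owner-matched senders, as in vapetrov's rules earlier in the thread. It only understands plain `--dport 25` rules (no multiport or port ranges), and the function name is made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit iptables-save style rules read
# from stdin for the port-25 egress policy quoted earlier in the thread.
audit_smtp_egress() {
    awk '
    /^\*/ { table = substr($0, 2); next }   # "*filter", "*nat", ...
    { line = " " $0 " " }                   # pad so every token is space-delimited
    # Only filter-table OUTPUT rules for destination port 25 matter here.
    (table == "" || table == "filter") && $1 == "-A" && $2 == "OUTPUT" &&
    line ~ / --dport 25 / {
        if (line ~ / -j (REJECT|DROP) / && line !~ / -m owner / &&
            line !~ / -d /) {
            blocked = 1; exit               # catch-all block reached first
        }
        # An ACCEPT must be limited to loopback or to a uid/gid owner.
        if (line ~ / -j ACCEPT / && line !~ / -d 127\.0\.0\.1(\/32)? / &&
            line !~ / --(uid|gid)-owner /) {
            open = 1; exit
        }
    }
    END {
        if (open)         print "OPEN: unrestricted ACCEPT for port 25"
        else if (blocked) print "LOCKED"
        else              print "OPEN: no catch-all REJECT/DROP for port 25"
    }'
}

# Constructed sample: the thread's ACCEPT rules with the final REJECT missing.
printf '%s\n' \
  '-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 25 -j ACCEPT' \
  '-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT' |
  audit_smtp_egress
```

Run it against both `iptables-save` output and the saved rules file (/etc/sysconfig/iptables on RHEL-based systems); a LOCKED live ruleset with an OPEN saved file is the reboot problem described in the post above.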

Posted by ksv2nash, 03-25-2010, 05:27 AM
Hello, I think you must need Admin for all this ?

Posted by SubZeroHost, 03-25-2010, 06:01 AM
Thanks, let's hope this works

Posted by ksv2nash, 03-25-2010, 06:43 AM
Hello, You can install csf using the following:

    rm -rf csf.tgz
    wget http://www.configserver.com/free/csf.tgz
    tar -xzvf csf.tgz
    cd csf
    ./install.sh

Posted by SubZeroHost, 03-25-2010, 12:32 PM
I installed csf. Do I have to do anything additional to it to make it stop the spam?

Posted by ksv2nash, 03-25-2010, 12:38 PM
Hello, Do the following steps:

    cd /etc/csf
    vi csf.conf

And make CSF active by editing the file and putting a '0' in the line:

    TESTING = "1"

Posted by SubZeroHost, 03-25-2010, 01:05 PM
Alright I did that. Now I noticed in the .conf file these lines Should I remove port 25 from that list to block it?

Posted by ksv2nash, 03-25-2010, 01:09 PM
Hello, yes you can

Posted by Crashus, 03-25-2010, 04:38 PM
take a look at csf manual, you need to leave 25 outgoing port for only root and mail users

Posted by SubZeroHost, 04-06-2010, 01:33 PM
I just got another spam complaint from my host. And in the email they sent me I noticed this So does that mean the spammers are using webmail.xcelco.on.ca to send spam? If you want I can post the full abuse message.

Posted by Crashus, 04-06-2010, 02:31 PM
You need to post full message

Posted by SubZeroHost, 04-06-2010, 02:36 PM

Posted by SubZeroHost, 04-07-2010, 05:55 PM
So what does that email tell us?

Posted by ALEXEI_M, 04-07-2010, 10:13 PM
I advise you to install csf v5.01 and Exploit Scan Service. This service package is intended to look for exploits or outgoing spam on a server and provide a report of suggested enhancements that you can implement to make the server more secure. And you can set limited outgoing mails (SMTP). Set 150-200 mails per hour. Once you have identified the spammer just delete his account permanently.

Posted by Andrew Moore, 04-07-2010, 11:17 PM
http://sultanserver.com/ Use their software, It works wonders. Has a cPanel Plugin too

Posted by ZKuJoe, 04-08-2010, 05:00 AM
AVOID THAT LINK!!! ASSP is awesome, I use it on my servers, but running an older version with outdated data and unpatched bugs is not wise. Spend a few bucks and pick up ASSP Deluxe if you need a GUI, if not ASSP is free but make sure you use the current version.


