Knowledgebase

HELP,,, chasing a spammer on my server

Posted by nahhab, 08-20-2008, 05:30 PM
I have found a spam email originated from my server and I found a huge mail queue. It seems that the spammer is still using my server to send spam. How can I identify the account and the security hole behind this? And how to secure against such attacks.. WOULD APPRECIATE ANY QUICK HELP AS THIS IS ON GOING ON MY SERVER AS WE SPEAK...

Posted by Frontpage1, 08-20-2008, 06:36 PM
A) What OS is your server running? Mac, Linux etc.
B) Stop your mail function until you find the security hole. Example command: # killall -9 exim
C) Look at the bounced spam mail headers to see what script/path is producing it on your server.

Posted by david510, 08-20-2008, 08:04 PM
What OS does your server have? Any control panel installed?

Posted by TheITAdvisory, 08-20-2008, 09:42 PM
What mail server are you running? Do you use port 25 for smtp? Is your mail server setup as a relay? Do you have an insecure PHP, CGI, ASP script on your server, or one that sends mail?

Posted by nahhab, 08-21-2008, 02:15 AM
I have CentOS 5, WHM/cPanel, Exim mail server. And yes I'm using 25 for SMTP. I have searched for all FORMMAIL scripts and disabled them (CHMOD). I found the mail queue having more than 80,000 items and deleted them all. I actually don't know what log exactly I need to look at, or where to find bounced spam emails.

Posted by nahhab, 08-21-2008, 08:18 AM
I have enabled Exim extended logging and after a few minutes the spammer came back and I discovered the script used for spamming. I suspended the user account and disabled the script. I also reported the IP and time to the ISP provider who owns the IP. Is there anything else you recommend I do? Thanks,
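The step described in the post above (turn on extended logging, watch the mail log, find the script) can be automated a little. The following is an added example, not code from this thread or from cPanel/ConfigServer: it assumes the cPanel exim_mainlog format, where extended logging (the `+arguments` log selector) writes a `cwd=/path` line for every message handed to the sendmail binary, and a `<=` line carrying `U=username` for each accepted message. The log lines below are constructed sample data, not real traffic; on a live box you would point the functions at /var/log/exim_mainlog instead.

```shell
#!/bin/sh
# Constructed sample of cPanel exim_mainlog lines with extended logging on.
# Three messages come from a script in user1's old/mailer directory, one
# from user2's document root. Replace $SAMPLE_LOG with /var/log/exim_mainlog
# on a real server.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
2008-08-21 08:15:02 cwd=/home/user1/public_html/old/mailer 3 args: /usr/sbin/sendmail -t -i
2008-08-21 08:15:02 1KWa1b-0000Ab-1A <= user1@example.com U=user1 P=local S=2211 T="Hello"
2008-08-21 08:15:03 cwd=/home/user1/public_html/old/mailer 3 args: /usr/sbin/sendmail -t -i
2008-08-21 08:15:03 1KWa1c-0000Ac-2B <= user1@example.com U=user1 P=local S=2207 T="Hello"
2008-08-21 08:15:04 cwd=/home/user1/public_html/old/mailer 3 args: /usr/sbin/sendmail -t -i
2008-08-21 08:15:04 1KWa1d-0000Ad-3C <= user1@example.com U=user1 P=local S=2215 T="Hello"
2008-08-21 08:15:05 cwd=/home/user2/public_html 3 args: /usr/sbin/sendmail -t -i
2008-08-21 08:15:05 1KWa1e-0000Ae-4D <= contact@user2.example U=user2 P=local S=1020 T="Contact form"
EOF

# Messages injected via sendmail, grouped by the working directory of the
# calling script (the cwd= field), busiest directory first.
sending_dirs() {
    grep -o 'cwd=[^ ]*' "$1" | sed 's/^cwd=//' | sort | uniq -c | sort -rn
}

# Accepted messages grouped by the local account that submitted them
# (the U= field on "<=" lines), busiest account first.
sending_users() {
    grep '<=' "$1" | grep -o ' U=[^ ]*' | sed 's/^ U=//' | sort | uniq -c | sort -rn
}

# The single busiest directory: the first place to look for the spam script.
top_sending_dir() {
    sending_dirs "$1" | head -n 1 | awk '{print $2}'
}

# How many messages that directory produced in the log window.
top_sending_count() {
    sending_dirs "$1" | head -n 1 | awk '{print $1}'
}

# The account behind most of the traffic: the one to suspend first.
top_sending_user() {
    sending_users "$1" | head -n 1 | awk '{print $2}'
}

echo "Busiest directory: $(top_sending_dir "$SAMPLE_LOG") ($(top_sending_count "$SAMPLE_LOG") messages)"
echo "Busiest account:   $(top_sending_user "$SAMPLE_LOG")"
```

Running the two grouped reports over a few minutes of log is usually enough to tie the queue growth to one directory and one account, after which the script can be disabled and the account suspended as the post describes. The same counts, taken after the cleanup, confirm the traffic has actually stopped.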

Posted by Frontpage1, 08-21-2008, 10:50 AM
Yeah, I would recommend using these free cPanel spam/mail applications:
MailScanner Front-End for cPanel Users http://www.configserver.com/cp/msfe.html
ConfigServer Mail Queues (cmq) http://www.configserver.com/cp/cmq.html
ConfigServer Mail Manage (cmm) http://www.configserver.com/cp/cmm.html

Posted by brianoz, 08-28-2008, 11:12 AM
Also, set max emails per hour to a low limit (like 250) in WHM. Install CSF, which will alert you to excessive emails and helps with other aspects of security: ConfigServer Firewall http://www.configserver.com/cp/csf.html
