Knowledgebase
Urgent: Need help to stop email hijacking
| Posted by longpt, 08-28-2007, 08:25 PM | | Dear all,
My server/website is now hijacking and they use my server for sanding spam.
Please help me to fix this error.
My server: Centos, Cpanel, Ldf
Mysite: Joomla 1.0.13
lfd email:
and I receive thousands of returning email but I don't send them.
Please help me urgent
Thank you in advance
Longpt
|
| Posted by foobic, 08-28-2007, 09:24 PM | | Hacks on Joomla sites are often due to insecure components - remove any you're not using and check for updates to the ones you are.
|
| Posted by longpt, 08-29-2007, 02:09 AM | | I am have uninstall and check component but still being hijaked.
Any one can help me?
|
| Posted by RBBOT, 08-29-2007, 11:45 AM | | Check your web access log for incoming HTTP requests at the times the spam is sent - see if there is a correlation and it should tell you which page is being used.
|
| Posted by Joomlian, 08-30-2007, 07:44 AM | | which components are you using ? can you list them ?
|
| Posted by lazat, 08-30-2007, 04:43 PM | | Sometimes it could be hard to find theright process. Here is a one that workes for me. ( must be done while spammer is working)
If apache is running on the infected host.
use the http:///server-status page.
( enable it first in httpd.conf )
You will see a "w" with the process that is currently working hard to process all email, besides that process you can see what virutal host that is connected to that process.
Now you know what is cousing this...
/ Jonas
|
| Posted by david510, 08-31-2007, 07:20 AM | | Check the stats of the domain that is affected. Block the IPs that you find suspicious. Install mod_security to the server and tighten mod_sec with strong rules. Recompile php to run as CGI.
|
|
 Add to Favourites
 Print this Article
|
Also Read
