Look at my name.
What more can I say?
Not dumb in all things, but certainly when it comes to scripts and such. (Yes, that was a South Carolina accent.)
My mail server is being bombarded with spam
Observing /var/log/exim_mainlog, I noticed it was quite large. I would refresh and, within a couple of minutes, watch it increase by over 100,000 bytes.
Reviewing that log, I see the TO: addresses that delivery is being attempted to are mostly local and are not addresses I have created. I own all of the domains (no reselling), so I am certain of the spam. You will also notice the "too many connections" error quite often. I assume legit requests to access the server are being denied?
After I deleted the files mentioned, my /md1 dropped to about 70% full.
I left for dinner and returned to find it had already jumped back up to 88% full and climbing quickly.
I was suspicious of two IPs which were trying to access the server every few seconds via SSH. I was never able to work out where to ban these IPs. It turned out to be more than just two, as I am sure many of you have had experience seeing in these cases. At least the person I am writing this message for has, anyway.
Around this same time I noticed this error in the logs:
===========================================
2007-08-24 15:45:30 1IOg26-0003rH-0Q Cannot open main log file
"/var/log/exim_mainlog": Permission denied: euid=47 egid=12
2007-08-24 15:45:30 1IOg26-0003rH-0Q <= root@server2.gigasurf.com
U=root P=local S=460
2007-08-24 15:45:30 1IOg26-0003rH-0Q Cannot open main log file
"/var/log/exim_mainlog": Permission denied: euid=47 egid=12
===========================================
The /md1/ partition was down to about 97% full when I last deleted the bandwidth files just to keep the system healthy while we figured out what was going on.
My host company has little experience with cPanel, so we settled on a script which would delete the exim_mainlog. However, this is set to delete every 5 minutes, leaving me little time to decipher the mail stats.
In short... I want my server back and am willing to pay a pro to fix it. Not only fix it, but prepare it for future attacks.
Anyone here up for hire?
I look forward to your response.
Russ
P.S. I have a handful of domains which are set to :blackhole:, but want them set to :fail:.
Is there an easier way to change all of these over without having to enter each domain's cPanel?
Told ya I was pretty dumb!
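An added example, not part of Russ's post, covering two things he asks about: getting some numbers out of exim_mainlog before the 5-minute deletion script wipes it (who is hammering the server with "rejected RCPT" and "too many connections"), and flipping every domain's catch-all from :blackhole: to :fail: without opening each cPanel. It assumes, as cPanel does by default, that each domain's default address lives in /etc/valiases/<domain> as a line like `*: :blackhole:`, and that the :fail: form is `*: :fail: No Such User Here`. The function names, the backup directory and the sample log lines (documentation IPs, constructed for the demo) are mine, not from the post or from cPanel.

```shell
#!/bin/sh
# Added example for the thread above; not the poster's script and not cPanel's.
# Assumptions (mine): cPanel keeps each domain's default address in
# /etc/valiases/<domain>, with a catch-all line "*: :blackhole:" and the
# :fail: form "*: :fail: No Such User Here". Sample log lines are constructed.

# ---- 1. Quick triage of exim_mainlog --------------------------------------

# Count lines in LOG ($1) containing the fixed string PATTERN ($2).
count_matches() {
  grep -cF -- "$2" "$1" || true   # grep -c exits 1 on zero matches; keep the 0
}

# Rank remote IPs on "rejected RCPT" and "too many connections" lines,
# most frequent first, printed as "<count> <ip>".
top_offending_hosts() {
  grep -E 'rejected RCPT|too many connections' -- "$1" \
    | grep -oE '\[[0-9]+(\.[0-9]+){3}\]' \
    | sed 's/^\[//; s/\]$//' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# Write a few constructed exim_mainlog lines (RFC 5737 IPs) to FILE ($1).
write_sample_log() {
  cat > "$1" <<'EOF'
2007-08-24 15:40:01 H=(bad.example) [192.0.2.10] F=<spam@example.test> rejected RCPT <nobody@example.org>: No Such User Here
2007-08-24 15:40:03 H=(bad.example) [192.0.2.10] F=<spam@example.test> rejected RCPT <sales@example.org>: No Such User Here
2007-08-24 15:40:09 H=(other.example) [198.51.100.7] F=<x@example.test> rejected RCPT <info@example.org>: No Such User Here
2007-08-24 15:41:12 Connection from [192.0.2.10] refused: too many connections
2007-08-24 15:42:00 1AAAAA-000001-AA <= russ@example.org U=russ P=local S=1024
2007-08-24 15:42:30 Connection from [203.0.113.5] refused: too many connections
EOF
}

# ---- 2. Switch every catch-all from :blackhole: to :fail: ------------------

# Print the valiases files under DIR ($1) whose catch-all is :blackhole:.
list_blackholed() {
  grep -lE '^\*:[[:space:]]*:blackhole:' -- "$1"/* 2>/dev/null || true
}

# Rewrite those catch-alls to ":fail: No Such User Here". Each file is copied
# to BACKUP_DIR ($2) first and rewritten in place (cat >) so cPanel's
# owner/group/mode on the file survive. Prints the number of files changed.
convert_blackhole_to_fail() {
  dir="$1"; backup="$2"; changed=0
  mkdir -p "$backup"
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    grep -qE '^\*:[[:space:]]*:blackhole:' "$f" || continue
    cp -p "$f" "$backup/$(basename "$f")"
    sed 's/^\(\*:[[:space:]]*\):blackhole:.*$/\1:fail: No Such User Here/' "$f" > "$f.tmp" \
      && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
    changed=$((changed + 1))
  done
  echo "$changed"
}

# ---- Demo on constructed data (no touch of the real /etc/valiases) ---------
demo() {
  t=$(mktemp -d)
  write_sample_log "$t/exim_mainlog"
  echo "rejected RCPT lines:      $(count_matches "$t/exim_mainlog" 'rejected RCPT')"
  echo "too many connections:     $(count_matches "$t/exim_mainlog" 'too many connections')"
  echo "top hosts (count ip):"; top_offending_hosts "$t/exim_mainlog"
  mkdir -p "$t/valiases"
  printf '*: :blackhole:\n' > "$t/valiases/example.com"
  printf 'info@example.org: russ\n*: :blackhole:\n' > "$t/valiases/example.org"
  echo "blackholed before: $(list_blackholed "$t/valiases" | wc -l | tr -d ' ')"
  echo "files converted:   $(convert_blackhole_to_fail "$t/valiases" "$t/valiases-backup")"
  echo "blackholed after:  $(list_blackholed "$t/valiases" | wc -l | tr -d ' ')"
  rm -rf "$t"
}
demo
```

On the real box, `list_blackholed /etc/valiases` shows what would change, and `convert_blackhole_to_fail /etc/valiases /root/valiases-backup` does it, keeping a copy of each file touched. The log helpers work on whatever exim_mainlog is on disk at the moment, so running `top_offending_hosts /var/log/exim_mainlog` just before the deletion script fires gives the IP list to feed into a firewall rule.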