BCC Form Spam is not logged anywhere

Discussion in 'General Discussion' started by jerrek71, Oct 2, 2006.

  1. jerrek71

    jerrek71 Active Member

    That I can find at least :)

    I have a PHP script on my server which has been used to send out lots and lots of spam to AOL. I only discovered this because Hotmail blocked me a week ago and in the course of discussion with them I discovered that my machine had sent over 600 messages per day to them.

    Upon checking deeper (and looking directly at the queue files) I discovered that the same script has been used to send to more like 6000 AOL e-mail addresses per day.

    I've installed Mod Security now, and sorted out the erroneous script (though no doubt there will be more in the future).

    But what I do not understand is that NONE of these messages show in my MailWatch reports. If they had, I might have tracked this down a lot quicker. My MailWatch reports show only messages to AOL that were legitimate.

    Anyone have any idea how a message could appear in the outbound queue but not show in MailWatch?

    Cheers,
    Steve
     
  2. chirpy

    chirpy Well-Known Member

    If the email isn't logged in exim_mainlog then the script was likely sending email directly through port 25 and bypassing exim entirely.
     
  3. jerrek71

    jerrek71 Active Member

    Hi Chirpy,
    That's what I would have thought too, except for a couple of things:

    I have ConfigServer firewall set to block port 25 outbound except for exim, root and mailman. The script sending mail was a PHP script, owned by 'deardiar' account (using the PHP mail() command).

    Also, any delayed messages DO show in the exim mail queue in cPanel, but do not show in the MailWatch statistics.

    I think the messages are being logged in exim_mainlog - though there are so many it's hard to be sure. But they're definitely not being logged into the MailWatch stats.

    Regards,
    Steve.
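
Added example, not part of the thread: one way to confirm whether an account's PHP mail() submissions appear in exim_mainlog is to count locally submitted messages per user and tally their recipient domains. It assumes Exim's standard main-log line format; the sample lines, hosts and addresses are constructed, and the function name `local_submissions` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log format (not from the thread's server).
SAMPLE_LOG = """\
2006-10-02 10:15:01 1GUabc-0001Xy-AB <= deardiar@host.example.com U=deardiar P=local S=1523
2006-10-02 10:15:03 1GUabc-0001Xy-AB => a1@aol.com R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2006-10-02 10:15:03 1GUabc-0001Xy-AB -> a2@aol.com R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2006-10-02 10:15:04 1GUabc-0001Xy-AB Completed
2006-10-02 10:16:10 1GUabd-0001Xz-CD <= deardiar@host.example.com U=deardiar P=local S=1530
2006-10-02 10:16:12 1GUabd-0001Xz-CD == a3@aol.com R=lookuphost T=remote_smtp defer (-44): SMTP error
2006-10-02 10:46:12 1GUabd-0001Xz-CD == a3@aol.com R=lookuphost T=remote_smtp defer (-44): SMTP error
2006-10-02 10:20:00 1GUabe-0001Y0-EF <= steve@example.org H=client.example.org [192.0.2.20] P=esmtpa S=900
2006-10-02 10:20:01 1GUabe-0001Y0-EF => friend@aol.com R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
"""

# date, time, message id, then an arrival (<=) or per-recipient (=> -> == **) flag
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->|==|\*\*) (?P<rest>.*)$")

def local_submissions(log_text):
    """Per local user: messages submitted with P=local and recipient domains tried."""
    owner = {}      # message id -> local user who submitted it
    seen = set()    # (message id, recipient), so retried deferrals count once
    stats = defaultdict(lambda: {"messages": 0, "rcpt_domains": Counter()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg_id, flag, rest = m.group("id", "flag", "rest")
        tokens = rest.split()
        if not tokens:
            continue
        if flag == "<=":
            # Skip the sender address, then read the key=value fields.
            fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            if fields.get("P") == "local" and "U" in fields:
                owner[msg_id] = fields["U"]
                stats[fields["U"]]["messages"] += 1
        elif msg_id in owner and "@" in tokens[0]:
            rcpt = tokens[0].lower()
            if (msg_id, rcpt) not in seen:
                seen.add((msg_id, rcpt))
                stats[owner[msg_id]]["rcpt_domains"][rcpt.rsplit("@", 1)[1]] += 1
    return dict(stats)

if __name__ == "__main__":
    for user, s in local_submissions(SAMPLE_LOG).items():
        print(user, s["messages"], s["rcpt_domains"].most_common(5))
```

On a live server, pass the contents of exim_mainlog instead of `SAMPLE_LOG`; an account with zero counted messages while the queue holds its mail would point to a submission path other than the local sendmail interface.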
     