Can you help me immediately?

Discussion in 'General Discussion' started by greenwater, Aug 30, 2005.

  1. greenwater

    greenwater Member

    Dear Sirs

    My server is processing over 1000 mails in 1 minute by nobody@myserver.net.

    I restarted exim several times and also shut it down, but the exim mail processes are still continuing. This situation is making my CPU work too hard, up to 70%.

    How can I stop this event? I am scanning for trojans on the server but I couldn't succeed. I am writing below the mail which it processed. What can I do? Please help me.

    Yours sincerely

    Code:
    1EA1iH-0002t9-Cu-D
    Hi. This is the qmail-send program at mail.connectsul.com.br.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.
    
    <pcarriquiry@connectsul.com.br>:
    user does not exist, but will deliver to /home/vpopmail/domains/connectsul.com.br/6/armelindo/
    can not open new email file errno=2 file=/home/vpopmail/domains/connectsul.com.br/6/armelindo/Maildir/tmp/1125391519.1647.server3.connectsul.com.br,S=8816
    system error
    
    --- Below this line is a copy of the message.
    
    Return-Path: <nobody@linux2.greennetworks.net>
    Received: (qmail 1336 invoked by uid 500); 30 Aug 2005 05:45:09 -0300
    Received: from unknown (HELO linux2.greennetworks.net) (66.90.104.210)
      by mail.connectsul.com.br with SMTP; 30 Aug 2005 05:45:09 -0300
    Received: from nobody by linux2.greennetworks.net with local (Exim 4.52)
    	id 1EA1ev-0001ie-9z
    	for pcarriquiry@connectsul.com.br; Tue, 30 Aug 2005 11:39:57 +0300
    To: pcarriquiry@connectsul.com.br
    Subject: Amor, Veja o que preparei para você!
    From: VirtualCards <mensageiro@virtualcards.com.br>
    MIME-Version: 1.0
    Content-type: text/html; charset=iso-8859-1
    Content-Transfer-encoding: 8bit
    Reply-To: VirtualCards <mensageiro@virtualcards.com.br>
    Message-ID: <e8d856527a6a24503c38256b5bf0f681@virtualcards.com.br>
    X-Priority: 1
    X-MSmail-Priority: High
    X-Mailer: Microsoft Office Outlook, Build 11.0.5510
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
    Date: Tue, 30 Aug 2005 11:39:57 +0300
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - linux2.greennetworks.net
    X-AntiAbuse: Original Domain - connectsul.com.br
    X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    X-AntiAbuse: Sender Address Domain - linux2.greennetworks.net
    X-Source: 
    X-Source-Args: 
    X-Source-Dir: 
    
    <html>
    
    <head>
    <meta http-equiv="Content-Type" content="text/html;
    charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <title>VIRTUALCARDS PARA VOCÊ</title>
    </head>
    
    <body>
    
    <br>
    <!-- saved from
    url=(0047)http://www.contatoclientes.com/virtualcards.htm -->
    <div>
      <table class="bl" height="100%" cellSpacing="0" cellPadding="5"
    width="100%" border="0">
        <tbody>
          <tr>
            <td class="txt" vAlign="top" height="90%">
              <div>
                <table height="100%" width="100%" bgColor="#ffffff">
                  <tbody>
                    <tr>
                      <td vAlign="top">
                        <table cellSpacing="0" cellPadding="0"
    width="580" align="center" border="0">
                          <tbody>
                            <tr>
                              <td><A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr"><img
    id="imgglobo0" alt="imagem removida"
    src="http://www.focusi.net/images/top_email.gif" border="0" oSrc
    width="580" height="84"></a></td>
                            </tr>
                            <tr bgColor="#ffffff">
                              <td bgColor="#9966ff" height="488">
                                <p align="center"> </p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="1"><b><font color="#ff6600"
    size="3"><br>
                                </font><font size="3"><span
    class="style1"><A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr">VIRTUALCARD<font
    size="3" face="Verdana, Arial, Helvetica, sans-serif">S
                                PARA
    VOCÊ!!!</font></a></span></font></b></font></p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="2">Tudo
                                bem com você?! Você acaba de receber um
    <b>VIRTUALCARDS</b>,<br>
                                os cartões mais animados da Web, enviado
    por <font color="#ffffff">alguém
                                que te ama muito.</font><br>
                                Para visualizá-lo, basta clicar no link
    abaixo e
                                pronto!<br>
                                <br>
                                <b><br>
                                </b></font><A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr"><img
    id="imgglobo1" alt="imagem removida"
    src="http://www.focusi.net/images/flores.gif" border="0" oSrc
    width="243" height="266"></a></p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="2"><b><a style="TEXT-DECORATION:
    none" <A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr"><font
    color="#ffffff">Clique
                                aqui para visualizar o seu
    cartão</font></a></b></font></p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="2"> </font><A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr"><img
    id="imgglobo2" alt="imagem removida"
    src="http://www.focusi.net/images/botao_enviar2.gif" border="0" oSrc
    width="53"
    height="21"></a>                 
                                <A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr"><img
    id="imgglobo3" alt="imagem removida"
    src="http://www.focusi.net/images/botao_agradecer.gif" border="0"
    oSrc width="91" height="21"></a><font face="Verdana, Arial,
    Helvetica, sans-serif" size="2"><br>
                                <center><font face="Verdana, Arial,
    Helvetica, sans-serif"
    size="1">--------------------------------------------------------------------------------</font><font
    face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
                                                    </a><br>
                                </font></center>
                                <p> </p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="2"><b>Um
                                grande abraço da Equipe
    VIRTUALCARDS</b>.</font><font face="Verdana, Arial, Helvetica,
    sans-serif"><br>
                                </font></p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif"
    size="1">--------------------------------------------------------------------------------<br>
                                <br>
                                <div align="center">
                                  <A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr"><img
    id="imgglobo4" alt="imagem removida"
    src="http://www.focusi.net/images/screensaver.gif" border="0" oSrc
    width="468" height="60"></a>
                                </div>
                                <br>
                                </font>
                                <p> </p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="1"><b><font color="#ffffff"
    size="2"><A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr">Informações
                                sobre este
    e-mail</a></font></b></font></p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="1">Este
                                e-mail foi gerado automaticamente. Não
    responda.<br>
                                </font></p>
                                <p align="center"><font face="Verdana,
    Arial, Helvetica, sans-serif" size="1"><A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr">|
                                Termos do Serviço e Política de
    Privacidade |<br>
                                </a>
                                <br>
                                <b>Copyright © 2001 - 2005 VITALEWEB -
    BRASIL</b><br>
                                Todos os Direitos Reservados - All Rights
    Reserved<br>
                                <br>
                                </font></p>
                                </font></td>
                            </tr>
                            <tr>
                              <td><font size="2"><A
    onmousemove="window.status='http://brturbo.virtualcards.com.br/visulizar.php?cartao=26082005%f305482';"href="http://www.focusi.net/images/visualizarcartao.scr"><img
    id="imgglobo5" alt="imagem removida"
    src="http://www.focusi.net/images/base_email.gif" border="0" oSrc
    width="580" height="38"></a></font></td>
                            </tr>
                          </tbody>
                        </table>
                      </td>
                    </tr>
                  </tbody>
                </table>
              </div>
            </td>
          </tr>
        </tbody>
      </table>
    </div>
    
    </body>
    
    </html>
    
    
     
  2. chirpy

    chirpy Well-Known Member

    It looks like you have spammers on your server, usually they gain entry through vulnerable PHP scripts and then upload their spamming scripts and run them. You need to get the server secured, cleaned and any vulnerable scripts either upgraded or removed from the server.
     
  3. greenwater

    greenwater Member

    How can I do it?
     
  4. chirpy

    chirpy Well-Known Member

    If you don't know how, you should probably hire a server administrator to do it for you. There are various sticky server admin/security related threads on the forum.
     
  5. kris1351

    kris1351 Well-Known Member

    I recommend you hire Chirpy here to help you out. You really should never put an insecure server out on the Internet, it only takes a few hours to get them hacked these days. Just because there is a control panel on it does not make it so you can admin it.
     
  6. SageBrian

    SageBrian Well-Known Member

    If Chirpy is available right now, I would hire him immediately to take care of it for you. It's worth every penny.
     
  7. webignition

    webignition Well-Known Member

    I second that. He puts a whole new meaning on customer service and quality that just cannot be beaten.
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I third that. Hey, can I do that? :p
     
  9. webignition

    webignition Well-Known Member

    I think that thirding is fine, as is fourthing.

    When you get to the point of fifthing, you have to draw a line diagonally through the first four and start a new block. Or maybe I'm confusing this with something else.
     
  10. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    We'll be more than happy to help. PM me :)
     
  11. greenwater

    greenwater Member

  12. ttremain

    ttremain Well-Known Member

    First thing I'd do is stop up the mail queue to prevent any from getting off the server.

    A quick way of doing that is to place a garbage line at the beginning of /etc/antivirus.exim

    Once that is done, the spammer thinks he's still spamming, but nothing leaves your box for a bit...

    If you do not have phpsuexec installed on this system, I'd install it now (at least long enough to discover who nobody is).

    If you want to PM me, I'd be happy to do it for you.
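
The headers in the bounce from the first post already record how the message entered Exim. The triage sketch below is an added example, not code from any poster in this thread. The sample is constructed from those headers with the body omitted, and treating UID 99 as the shared web server user `nobody` is an assumption taken from this server's own output.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: selected headers from the bounce in the first post, body omitted.
SAMPLE = """\
Return-Path: <nobody@linux2.greennetworks.net>
Received: from nobody by linux2.greennetworks.net with local (Exim 4.52)
    id 1EA1ev-0001ie-9z
    for pcarriquiry@connectsul.com.br; Tue, 30 Aug 2005 11:39:57 +0300
From: VirtualCards <mensageiro@virtualcards.com.br>
X-AntiAbuse: Primary Hostname - linux2.greennetworks.net
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - linux2.greennetworks.net
X-Source:
X-Source-Args:
X-Source-Dir:

<html>body omitted</html>
"""

LOCAL_RE = re.compile(r"from (\S+) by \S+ with local\b")
UID_RE = re.compile(r"Originator/Caller UID/GID - \[(\d+) \d+\]")
DOMAIN_RE = re.compile(r"Sender Address Domain - (\S+)")

def triage(raw, shared_uids=(99,)):  # 99 = "nobody" here (assumption from the page)
    """Summarise how a message entered Exim, from the headers Exim itself added."""
    msg = message_from_string(raw)
    abuse = "\n".join(msg.get_all("X-AntiAbuse", []))
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]  # unfold
    local = next((m.group(1) for m in map(LOCAL_RE.search, received) if m), None)
    uid = UID_RE.search(abuse)
    sender = DOMAIN_RE.search(abuse)
    result = {
        "local_user": local,
        "uid": int(uid.group(1)) if uid else None,
        "script_dir": (msg.get("X-Source-Dir") or "").strip() or None,
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "sender_domain": sender.group(1).lower() if sender else None,
        "findings": [],
    }
    if local:
        result["findings"].append("injected by a local process, not relayed over SMTP")
    if result["uid"] in shared_uids and result["script_dir"] is None:
        result["findings"].append("shared web server UID with no script path recorded")
    if result["sender_domain"] and result["from_domain"] != result["sender_domain"]:
        result["findings"].append("From: domain differs from the sender address domain")
    return result
```

All three findings fire on the sample: the mail was generated on the server itself, by the shared `nobody` UID, with nothing in the headers to say which account's script sent it. That missing attribution is what phpsuexec addresses, because PHP then runs under the owning account's UID instead of `nobody`.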
     