Hi everyone - I am really struggling trying to fix a spammer problem. Hopefully someone can assist or show me the error of my ways.
I have a VPS with a number of websites running, mainly Joomla. Recently, a few sites have been hacked. The spammers managed to place some scripts on the root directory.
Sites getting hacked is not the problem...
The real issue is that when/if a site gets hacked, my entire server's email gets OWNED. They jack my allocation and screw all my other accounts in 12 seconds.
***** NOTE *****
I have included one of the thousands of emails sent out by the rogue script below. I replaced the domain with a placeholder.
***************
So the idea here is that I'm trying to minimize the damage an account can do to my other accounts if it gets hacked.
I have done the tweak settings approach without luck.
And I do have CSF running on the site, btw.
Anyway, silly me :p:p:p You see I thought when tweak settings stated: "Max hourly emails per domain" that meant "Max hourly emails per domain". I set it to 5 and it stopped at 1000 because that's all that I'm allowed per day for ALL domains. NOT what I would have expected.
And I also thought that when tweak settings said: "Maximum percentage of failed or deferred messages a domain may send per hour", and I set that to 3% and had emails by domain set to 5, then I should NOT expect to see 32,000 emails in my mail Queue.
So obviously the account owners have privileges that are too high.
I tried some other things as well:
1) "Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)"
Result: There was an error updating Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak).
(BTW, what difference does it make? You can see below that the spammer script is setting itself to localhost and cPanel is ignoring the idea that the domain is not allowed to do this.)
2) I changed CSF to NOT limit SMTP and tried the above. Same result so I changed it back.
So, to summarize:
- How do I limit users so under their domains they cannot send out more emails than they are allowed?
I'm sure that there is some setting or configuration that will actually limit user emails, but for the life of me I cannot get this working. I would be very grateful for any assistance.
Thanks in advance.
=================================
Event: success
User: THISUSERNAME
Domain: THISDOMAINNAME.org
Sender: [email protected]
Sent Time: May 18, 2013 3:25:03 AM
Sender Host: localhost
Sender IP: 127.0.0.1
Authentication: localuser
Spam Score:
Recipient: [email protected]
Delivered To: [email protected]
Delivery User: -remote-
Delivery Domain:
Router: send_to_smart_host
Transport: remote_smtp
Out Time: May 18, 2013 3:25:03 AM
ID: 1UdeKl-0006EE-QG
Delivery Host: dedrelay.where.secureserver.net
Delivery IP: 208.109.80.54
Size: 884 bytes
Result: Message accepted
=======================================
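An added example, not part of the original post: detection logic over delivery-report records in the format shown above, counting mail injected by local processes (`Authentication: localuser` from `127.0.0.1`) per user, domain and hour and reporting buckets above a cap. The function names and the sample records are constructed for illustration; the second account and its `dovecot_login` value are assumptions.

```python
from collections import Counter
from datetime import datetime

HOURLY_LIMIT = 5  # the per-domain hourly cap the post tried to set

def parse_records(text):
    """Split a delivery-report dump into dicts, one per '=====' delimited record."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):
            if current:
                records.append(current)
            current = {}
        elif ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def local_senders_over_limit(records, limit=HOURLY_LIMIT):
    """Return {(user, domain, hour): count} for locally injected mail above limit."""
    counts = Counter()
    for r in records:
        # Only mail handed to Exim by a local process, as in the record above
        if r.get("Authentication") != "localuser" or r.get("Sender IP") != "127.0.0.1":
            continue
        sent = datetime.strptime(r["Sent Time"], "%b %d, %Y %I:%M:%S %p")
        counts[(r.get("User"), r.get("Domain"), sent.strftime("%Y-%m-%d %H:00"))] += 1
    return {key: n for key, n in counts.items() if n > limit}

def sample_report():
    """Constructed sample: 7 locally injected messages in one hour, 2 authenticated."""
    tmpl = ("=====\nEvent: success\nUser: {u}\nDomain: {d}\n"
            "Sent Time: May 18, 2013 3:25:{s:02d} AM\nSender Host: {h}\n"
            "Sender IP: {ip}\nAuthentication: {a}\nRouter: send_to_smart_host\n")
    script = [tmpl.format(u="THISUSERNAME", d="THISDOMAINNAME.org", s=s,
                          h="localhost", ip="127.0.0.1", a="localuser")
              for s in range(3, 10)]
    # Hypothetical second account sending through SMTP AUTH (assumed values)
    authed = [tmpl.format(u="otheruser", d="example.org", s=s,
                          h="client.example.org", ip="192.0.2.10", a="dovecot_login")
              for s in (1, 2)]
    return "".join(script + authed) + "=====\n"

if __name__ == "__main__":
    for (user, domain, hour), n in local_senders_over_limit(parse_records(sample_report())).items():
        print(f"{user} {domain} {hour}: {n} local messages (limit {HOURLY_LIMIT})")
```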