compromised script sending spam? How to find it?

Discussion in 'General Discussion' started by schwim, Nov 20, 2006.

  1. schwim

    Hi there guys,

    I have a dedicated server through GoDaddy. I've had ConfigServer.com work their magic on it, and it seems to be locked down pretty well.... however, your server is only as safe as what you allow to be put on it, right?

    Well, this morning at 1:27 am, I received a notice from GoDaddy that I had reached my SMTP relay limit of 15,000. The logs show nowhere near that number, so I'm figuring that it's a script that has been compromised. I monitor my mailwatch system, I limit the amount of mail allowed to be sent through users' accounts, so I'm pretty sure that it's not a legitimate SMTP connection that is causing this.

    Server load stays low, although httpd is restarting multiple times an hour. I am checking the stats through WHM and tailing the /var/log/messages, looking for something to clue me in, but I can't see a single thing that would reflect that volume of email being sent.

    What's the best way to pinpoint the problem? I've got over 30 domains with every type of script imaginable being run by the clients.

    thanks,
    json
     
  2. schwim

    No httpd restarts since 7:20 this morning, and I just received the first notice of the night that httpd restarted. I checked the chkservd log, and it simply states:

    Which isn't a bunch of help. messages doesn't show me anything useful either.

    Any help at all would be greatly appreciated, as I suspect this problem isn't going to go away.

    thanks,
    json
     
  3. schwim

    Thanks very much for your help. I appreciate it more than you can know.

    thanks,
    json
     
  4. pokerz

    Daily SMTP Relay Limit Reached

    Did anyone figure this one out? My SMTP relay is also maxing out, and I can only change one thing at a time to test because GoDaddy won't reset the relay and it only resets at midnight, so this could take forever. Today I checked the box (POP before SMTP), crossing my fingers until midnight again.... If anyone knows the fix, please fill me in!
    Thank you,
    Pokerz
     