
HELP! My Server is being used for spam

Discussion in 'General Discussion' started by iKHost, Feb 15, 2003.

  1. iKHost

    Ok, yesterday I noticed exim CPU usage skyrocketing and many instances of it open. I have looked through the logs and it does not appear that someone is spamming through POP but through a script. What can I do to identify the script used?
    I know the times of actual attacks so I can trace it if this is needed.

    Please help, right now I am restarting exim every half hour or so (oh, it seems to start every 30 minutes too; where can I check to see what cron jobs my clients have scheduled?)

    TIA
     
  2. dgbaker

    Look in /var/spool/exim/input and msglog.

    Grep for users.

    In input, look at the group that owns the files.

    That's a start.
     
  3. iKHost

    IP?

    I have an IP, how can I check to see if any of my clients have logged in using that IP? I already checked /etc/httpd/logs/access_log
     
  4. dgbaker

    Check through /var/log/

    Mainly look at messages and secure.
     
  5. iKHost

    nothing..

    Nothing there about that IP. Is it possible one of my clients is using a mailing list to do this? How can I shut off lists?
     
  6. sac-host

    How do you restrict SMTP to authenticate?
     
  7. Website Rob

    /var/spool/exim/input and msglog

    These two directories show no files at all on my Server -- is that correct? Seems there should be something in there.
     
  8. dgbaker

    The only time there would be anything in there is when there is incoming/outgoing mail in the queue.
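
Added example, not part of the original thread: shell functions for the check suggested in the second post, tallying queued messages under /var/spool/exim/input by the local login that Exim records on line 2 of each -H header file, and by the user:group that owns those files. The function names and the sample spool are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: find which local account is filling the Exim queue.
# Each queued message has a <msgid>-H (headers) and <msgid>-D (body) file.
# Line 2 of the -H file is "<login> <uid> <gid>" of the process that
# submitted the message, so script-generated mail shows the script's user.

# Tally queued messages by submitting login, busiest first.
spool_senders() {
    find "${1:-/var/spool/exim/input}" -type f -name '*-H' \
        -exec awk 'FNR == 2 { print $1 }' {} + | sort | uniq -c | sort -rn
}

# Tally the same files by owning user:group, as the reply suggests.
spool_owners() {
    find "${1:-/var/spool/exim/input}" -type f -name '*-H' \
        -exec stat -c '%U:%G' {} + | sort | uniq -c | sort -rn
}

# Build a small constructed spool (made-up message ids and logins)
# so the functions can be tried without touching a live queue.
make_sample_spool() {
    dir=$(mktemp -d) || return 1
    i=0
    for login in clientsite clientsite mailnull clientsite; do
        i=$((i + 1))
        id="1AbCdE-00000$i-00"
        printf '%s-H\n%s 500 500\n<%s@host.example>\n' \
            "$id" "$login" "$login" > "$dir/$id-H"
        : > "$dir/$id-D"
    done
    printf '%s\n' "$dir"
}

# Demo on the constructed spool. On a real server, run as root:
#   spool_senders /var/spool/exim/input
demo_dir=$(make_sample_spool) && spool_senders "$demo_dir" && rm -rf "$demo_dir"
```

As the last reply notes, the directory only holds files while mail is queued, so empty output on a quiet server is expected.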
     