Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

HELP! My Server is being used for spam

Discussion in 'General Discussion' started by iKHost, Feb 15, 2003.

  1. iKHost

    iKHost Member

    Joined:
    Nov 2, 2002
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    Ok, yestersay I noticed exim cpu usage skyrocketting and many instances of it open. I have looked through the logs and it does not appear that someone is spamming through POP butr through a script. What can I do to identify the script used?
    I know the times of actual attacks so I can trace it if this is needed.

    Please help, right now I am restarting exim every half hour or so (oh it seems to start every 30 minutes too, where can I check to see what cron jobs my clients have scheduled)

    TIA
     
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Look in /var/spool/exim/input and msglog.

    grep for users

    in input look at the group that owns the files.

    That's a start.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. iKHost

    iKHost Member

    Joined:
    Nov 2, 2002
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    IP?

    I have an IP, how can I check to see if any of my clients have logged in using that IP? I already checked /etc/httpd/logs/access_log
     
  4. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    check through /var/log/

    mainly look at messages and secure.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. iKHost

    iKHost Member

    Joined:
    Nov 2, 2002
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    151
    nothing..

    nothing there about that IP, is it possible one of my clients is using a mailing list to do this? How can I shut off lists?
     
  6. sac-host

    sac-host Member

    Joined:
    Jan 5, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    151
    how do you restrict smtp to authenticate???
     
  7. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,505
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    /var/spool/exim/input and msglog

    These two directories show no files at all on my Server -- is that correct? Seems there should be something in there.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    The only time there would anything in there is when there is incoming/outgoing mail in the queue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice