
help needed, stopping ebay phish sites

Discussion in 'General Discussion' started by HostingShack, Jun 5, 2006.

  1. HostingShack

    HostingShack Member

    Joined:
    Sep 5, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    OK, so I offer free hosting and a lot of people are abusing it. They use form mail on a fake eBay login page; the form mailer is not located on my server. Is there ANY way I can block the hotlinking of eBay's images used on their sites, or better yet a script or something that slocates *ebay* in a directory every 5 mins and deletes it if it finds anything? Any help please, it's happened like 25 times and I think my NOC is getting tired of the abuse emails from eBay.
     
  2. HostingShack

    HostingShack Member

    Joined:
    Sep 5, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    C'mon guys, someone must have an idea :(
     
  3. mbd5882

    mbd5882 Well-Known Member

    Joined:
    Apr 30, 2005
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Manchester, United Kingdom
    cPanel Access Level:
    Root Administrator
    Is there some kind of global htaccess for the whole server admins?
    If so then this may help stop the images or mails. Also there must be a way to reject emails from that email.
     
  4. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Well with exim you should edit your /etc/antivirus.exim and add the rules in my article found here http://www.webhostgear.com/338.html

    It will log and stop any phishing type messages from being sent out to /var/log/filter.log
    Check the file regularly. The tutorial has instructions on how to tell where it's coming from.

    As for monitoring phishing related pages being used on the server, there are a few things you could do - such as set up mod_security. Contact me and maybe we can get some rules set up for you.
     
  5. thehostinghut

    thehostinghut Well-Known Member

    Joined:
    Jan 5, 2005
    Messages:
    232
    Likes Received:
    0
    Trophy Points:
    16
    My advice would be to let ramprage do this for you if you don't feel you can do it yourself.

    I can say after posting in another post I used his antivirus.exim filter and it worked. My partner had his yahoo email address set as an email address in a php script and it would not let him send the email. Which is a good thing.

    I would think that it would work the same with the other things also.

    Just my 2 cents.

    Tracy
     
  6. HostingShack

    HostingShack Member

    Joined:
    Sep 5, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the replies guys. Our exim isn't sending out spam. What kind of rules can we put in mod_security to block this?
     
  7. headout

    headout Well-Known Member

    Joined:
    Aug 20, 2003
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    I'm interested in these rules too. We've seen lots of phishing websites on our servers, which we delete as soon as possible. But some handy mod_sec rules would be great!
     
  8. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    I did a Google search, will this do what you want? http://linuxphile.org/node/13

    It won't delete it but you could rename the "ebay" string to something else.
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    One instant way of stopping this is making the hosting less anonymous. Like verifying email to a non-free email address, or voice verification, or requiring a credit card and billing them $1 for identity verification.

    You could also use mod_security to block and log any occurrences of "ebay" in URLs.

    You should use the SMTP tweak to block outgoing email (so email can't be sent out directly on port 25, bypassing exim) and set the max emails per hour to a low number like 50 emails per hour.

    On a free service, you should also tie PHP down really tightly - probably disabling things like passthru(), exec(), system() and that bunch. You should also run phpsuexec and suexec to keep your system tied down securely.

    Offering free hosting isn't trivial; you need to think rather more deeply about security and really invest in getting it right.
     
  10. proksie

    proksie Member

    Joined:
    Jul 16, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    I installed the rules for antivirus.exim, tested it and it looks great so far. :)
    Thanks for this great script as one of the weapons to stop illegal spamming.

    You mention a set of rules for mod_security.
    Is there already more information about this issue?
    I am curious and very interested. :eek:
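
The periodic scan asked for in the first post, as an added example that is not part of any post in this thread. It goes beyond a plain filename match: it flags pages that mention the keyword and also contain a form posting to a host other than the server's own (the off-server form mailer described above), and it quarantines instead of deleting so the file can accompany an abuse report. The function names, `KEYWORD`, the scanned file types and the quarantine layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). KEYWORD, the file types scanned and the
# quarantine layout are assumptions; adjust for the real server.
KEYWORD="${KEYWORD:-ebay}"
# Absolute form action, captured up to the end of the host name.
FORM_PAT="<form[^>]*action=[\"']?https?://[^/\"' >]+"

# scan_phish_candidates ROOT OWN_HOST
# Prints files under ROOT that mention $KEYWORD and contain a form posting to
# a host other than OWN_HOST (lowercase), e.g. an off-server form mailer.
scan_phish_candidates() {
    root="$1"; own_host="$2"
    grep -rilE --include='*.htm' --include='*.html' --include='*.php' \
        -e "$KEYWORD" "$root" 2>/dev/null |
    while IFS= read -r f; do
        if grep -ioE "$FORM_PAT" "$f" | sed 's#.*://##' |
           tr 'A-Z' 'a-z' | grep -vqxF "$own_host"; then
            printf '%s\n' "$f"
        fi
    done
}

# quarantine FILE QDIR
# Moves FILE out of the web root into QDIR (kept as evidence for the abuse
# report rather than deleted) and prints the new path.
quarantine() {
    src="$1"; qdir="$2"
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 1
    dest="$qdir/$(date +%Y%m%dT%H%M%S)$(printf '%s' "$src" | tr '/' '_')"
    mv -- "$src" "$dest" && chmod 600 "$dest" && printf '%s\n' "$dest"
}

# Stand-alone use: ./scan.sh /home example.com   (lists candidates only)
if [ "$#" -ge 2 ]; then
    scan_phish_candidates "$1" "$2"
fi
```

Run from cron at the interval wanted (every 5 minutes in the original request) and review the listed candidates before calling `quarantine` on them, since a legitimate page can mention the keyword and post to a third-party form handler.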
     