How Do You Stop Spammers

Discussion in 'E-mail Discussions' started by filth, Nov 2, 2007.

  1. filth

    filth Active Member

    I have been plagued in the last week by spammers. Both extremely prolific.

    I have already limited how many emails can be sent per hour via email.

    Please can you tell me other methods of stopping so much spam being sent out from the server.
     
  2. mtindor

    mtindor Well-Known Member

    1. Make sure your server isn't an open mail relay (by default a cPanel server is _NOT_ an open relay). If you've modified exim, make sure your changes aren't allowing unauthenticated relay.

    2. Make sure your users' POP3 passwords are SECURE. You'd be surprised how many people use really stupid passwords for their email. And you may or may not be surprised how prolific the automated scripts are out there that brute force POP3 passwords and then use them for authenticating outbound SMTP.

    3. Run suexec/suphp in your Apache so that you can track much more easily when some formmail script / bad php form / exploit is sending out spam from the server as a particular user. Without suexec/suphp it's much harder to determine (unless you set your exim up to log more criteria I suppose).

    4. Get a good TOS in place where you can shitcan any of your own customers who might be sending spam (this is less likely the case).

    5. Add a dictionary attack ACL to your exim so that dictionary attacks to check the presence of users en masse can be thwarted.

    6. Pay attention to /var/log/exim_mainlog.

    7. Use log_selector directive in exim.conf to increase the information that exim logs regarding where a script resides that is sending spam... see the following thread:

    http://forums.cpanel.net/showthread.php?t=71594&highlight=log_selector
    - specifically look at cpaneltodd's response


    mike
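
Added example, not part of the thread or any poster's code: a sketch of the log review suggested in points 2, 3, 6 and 7 above, counting outbound arrivals in `/var/log/exim_mainlog` per authenticated SMTP login (with its source IPs), per local user, and per script directory. The log lines are constructed samples; the `cwd=` lines assume exim's `log_selector` includes `+arguments`, and the thresholds are arbitrary.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in exim mainlog layout; hosts, users and message IDs are made up.
SAMPLE_LOG = """\
2007-11-02 10:15:01 cwd=/home/alice/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2007-11-02 10:15:01 1Io1Ab-0001Xy-3K <= alice@host.example.com U=alice P=local S=812
2007-11-02 10:15:09 cwd=/home/alice/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2007-11-02 10:15:09 1Io1Ac-0001Xz-7Q <= alice@host.example.com U=alice P=local S=815
2007-11-02 10:16:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2007-11-02 10:16:12 1Io1Ad-0001Y0-9B <= bob@example.org H=(pc1) [192.0.2.10] P=esmtpa A=fixed_login:bob@example.org S=2048
2007-11-02 10:16:13 1Io1Ae-0001Y1-Aa <= bob@example.org H=(pc2) [198.51.100.7] P=esmtpa A=fixed_login:bob@example.org S=2051
2007-11-02 10:16:14 1Io1Af-0001Y2-Bb <= bob@example.org H=(pc3) [203.0.113.44] P=esmtpa A=fixed_login:bob@example.org S=2049
2007-11-02 10:17:30 1Io1Ag-0001Y3-Cc <= carol@example.org H=(laptop) [192.0.2.99] P=esmtpa A=fixed_login:carol@example.org S=640
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+) (?P<rest>.*)$")  # message received
CWD = re.compile(r"^\S+ \S+ cwd=(?P<dir>\S+) \d+ args:")              # logged with +arguments
AUTH = re.compile(r"\bA=\w+:(?P<login>\S+)")                           # authenticator:login
LOCAL = re.compile(r"\bU=(?P<user>\S+)")                               # local submitting user
IP = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]")

def summarize(lines):
    """Count arrivals per SMTP login, per local user, and exim calls per working directory."""
    report = {"auth": Counter(), "ips": defaultdict(set), "local": Counter(), "cwd": Counter()}
    for line in lines:
        cwd = CWD.match(line)
        if cwd:
            if not cwd["dir"].startswith("/var/spool/exim"):  # skip exim's own queue runs
                report["cwd"][cwd["dir"]] += 1
            continue
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue  # deliveries, completions and rejects are not counted here
        rest = arrival["rest"]
        auth, local, ip = AUTH.search(rest), LOCAL.search(rest), IP.search(rest)
        if auth:
            report["auth"][auth["login"]] += 1
            if ip:
                report["ips"][auth["login"]].add(ip["ip"])
        elif local:
            report["local"][local["user"]] += 1
    return report

def flag(report, max_msgs=2, max_ips=1):
    """Logins over the message limit or seen from more source IPs than allowed."""
    return sorted(login for login, n in report["auth"].items()
                  if n > max_msgs or len(report["ips"][login]) > max_ips)

print(flag(summarize(SAMPLE_LOG.splitlines())))
```

A login that suddenly sends from many unrelated IPs is the pattern a brute-forced mailbox password produces; a busy `cwd` under a user's home points at the script to inspect.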
     
  3. filth

    filth Active Member


    This has been the exact case for me. 2 Accounts have been sending out Nigerian Scam emails. They signed up at relatively similar times using yahoo accounts. In fact a 3rd account was created but there was a problem with setting it up and thus far it has never been used. I suspect all 3 accounts are related in some way.

    I have done a search for 1 of the emails and found that it appears on about 6 sites in a Google search. 1 of the sites it appears on is from 2005 and is a site that seems to sell lists of proxies (in fact the email is used in a comment asking for bank details).

    http://www.rrdb.org/gb_v.php?l=en (message 4)
     
  4. mtindor

    mtindor Well-Known Member

    I don't know what billing system you are using, but you should consider using one that has the ability to incorporate FraudGuardian into it. FraudGuardian helps a lot if you are doing automated instant signups. Most of the time the account would never get created because it would fail FraudGuardian checks.

    Mike
     
  5. barko

    barko Member

    and... look at email headers from signups carefully and do a whois on all sending IPs. Don't do automated signups - check out each signup prior to creating an account.
     
  6. mtindor

    mtindor Well-Known Member


    Agreed - Even with FraudGuardian, I do all of the things you mention. We process signups fast enough that we prefer to exercise extra diligence in weeding out the crap signups. No automatic signups here either.

    Mike
     
  7. jayh38

    jayh38 Well-Known Member

    Also check out MaxMind. For a small fee they do a nice job verifying purchasers of hosting or other products. Depending on the risk score you set, the automated phone verification will kick in and call the purchaser to verify credentials. This is the only way I like to fly and you get an added peace of mind.

    If someone is legit, whether it's a $3.00 or $300.00 account, there is never a problem. After all, you are giving them access to powerful resources for a small monthly fee. It's worthwhile to go the extra mile and protect yourself since no one else will.
     
  8. filth

    filth Active Member

    Thanks all for your suggestions. I will look more into MaxMind and FraudGuardian.
     
  9. jayh38

    jayh38 Well-Known Member

    If you are using a billing system, check out the plugins available for it. Most offer some fraud detection service.
     