Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to findout spammers from this???

Discussion in 'General Discussion' started by tmc74, Sep 13, 2004.

  1. tmc74

    tmc74 Member

    Joined:
    Aug 17, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    I have a spammer in my server. One of my clients may be . I want to find him. For the spam mails I have the folowsing header. Is it possible to find the spammer site(userid) in my server from this ? or is there any other solution?

    Please h--e-e-l-l-p.

    (Here I replace original server name by myservername.net for security reasons.)

    ***************************************

    1C6ovb-0004L8-N0-H
    nobody 99 99
    <nobody@myservername.net>
    1095074603 0
    -ident nobody
    -received_protocol local
    -body_linecount 1
    -auth_id nobody
    -auth_sender nobody@myservername.net
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    XX
    1
    ronz_ctg@yahoo.com

    146P Received: from nobody by myservername.net with local (Exim 4.42)
    id 1C6ovb-0004L8-N0
    for ronz_ctg@yahoo.com; Mon, 13 Sep 2004 17:23:23 +0600
    023T To: ronz_ctg@yahoo.com
    018 Subject: I am here
    021F From: nila@yahoo.com
    025R Reply-To: nila@yahoo.com
    020 X-Mailer: PHP/4.3.8
    052I Message-Id: <E1C6ovb-0004L8-N0@myservername.net>
    038 Date: Mon, 13 Sep 2004 17:23:23 +0600

    ******************************************************


    -Tmc74
     
    #1 tmc74, Sep 13, 2004
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I would suggest that you do a search on the forums for spammer nobody and you're likely to find plenty of posts that have gone through this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 chirpy, Sep 13, 2004
  3. drmike

    drmike Active Member

    Joined:
    Jul 8, 2004
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Charlotte, NC
    Also turn off the ability within whm for "nobody to send email". It's under one of the security settings. All email should be going throuhg the smtp server.

    -drmike
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 drmike, Sep 14, 2004
  4. simplybe

    simplybe Well-Known Member

    Joined:
    Nov 29, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    166
    Also check the apache logs, if its a formail exploit then it will show up often in the logs, this will lead you to the account being exploited.

    Also do a search for formails on your server and if needed disable them.

    Also as posted above use the option in whm to prevent the user nobody sending out emails, this will also break some customers scripts but for now it will help while you find the spammer.

    There is not a lot anyone here can do to help you, if you are unable to catch the spammer then you will need to allow/pay someone to access your server.

    good luck
     
    #4 simplybe, Sep 15, 2004
(You must log in or sign up to post here.)

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice