How to find out spammers from this???

Discussion in 'General Discussion' started by tmc74, Sep 13, 2004.

  1. tmc74

    tmc74 Member

    I have a spammer in my server. One of my clients may be. I want to find him. For the spam mails I have the following header. Is it possible to find the spammer site (userid) in my server from this? Or is there any other solution?

    Please h--e-e-l-l-p.

    (Here I replace original server name by myservername.net for security reasons.)

    ***************************************

    1C6ovb-0004L8-N0-H
    nobody 99 99
    <nobody@myservername.net>
    1095074603 0
    -ident nobody
    -received_protocol local
    -body_linecount 1
    -auth_id nobody
    -auth_sender nobody@myservername.net
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -local
    XX
    1
    ronz_ctg@yahoo.com

    146P Received: from nobody by myservername.net with local (Exim 4.42)
    id 1C6ovb-0004L8-N0
    for ronz_ctg@yahoo.com; Mon, 13 Sep 2004 17:23:23 +0600
    023T To: ronz_ctg@yahoo.com
    018 Subject: I am here
    021F From: nila@yahoo.com
    025R Reply-To: nila@yahoo.com
    020 X-Mailer: PHP/4.3.8
    052I Message-Id: <E1C6ovb-0004L8-N0@myservername.net>
    038 Date: Mon, 13 Sep 2004 17:23:23 +0600

    ******************************************************


    -Tmc74
     
  2. chirpy

    chirpy Well-Known Member

    I would suggest that you do a search on the forums for spammer nobody and you're likely to find plenty of posts that have gone through this.
     
  3. drmike

    drmike Active Member

    Also turn off the ability within WHM for "nobody to send email". It's under one of the security settings. All email should be going through the SMTP server.

    -drmike
     
  4. simplybe

    simplybe Well-Known Member

    Also check the Apache logs. If it's a formmail exploit then it will show up often in the logs; this will lead you to the account being exploited.

    Also do a search for formmails on your server and if needed disable them.

    Also, as posted above, use the option in WHM to prevent the user nobody sending out emails. This will also break some customers' scripts, but for now it will help while you find the spammer.

    There is not a lot anyone here can do to help you. If you are unable to catch the spammer then you will need to allow/pay someone to access your server.

    Good luck
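
An added example, not part of any post in this thread and not cPanel's code: it reads the receive time from the fourth line of the Exim -H spool file quoted in the first post and lists the POST requests in per-domain Apache access logs that arrived within a few seconds of it, which is one way to carry out the log check suggested above. The access-log lines, domains, client IPs and script paths are constructed for illustration; on a real server each account's own log file would be read instead.

```python
import re
from datetime import datetime, timezone

# First four lines of the -H spool file quoted in the first post.
SPOOL_HEADER = """1C6ovb-0004L8-N0-H
nobody 99 99
<nobody@myservername.net>
1095074603 0
"""

# Constructed sample: per-domain access-log lines (common log format).
# Domains, client IPs and script paths are hypothetical.
ACCESS_LOGS = {
    "client-a.example": [
        '203.0.113.9 - - [13/Sep/2004:17:20:01 +0600] "GET /index.html HTTP/1.1" 200 4312',
        '203.0.113.9 - - [13/Sep/2004:17:23:40 +0600] "POST /contact.php HTTP/1.1" 200 120',
    ],
    "client-b.example": [
        '198.51.100.7 - - [13/Sep/2004:17:23:22 +0600] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
        '198.51.100.7 - - [13/Sep/2004:17:23:23 +0600] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
        '198.51.100.7 - - [13/Sep/2004:17:25:10 +0600] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512',
    ],
}

# Captures the bracketed timestamp, the HTTP method and the request path.
LOG_RE = re.compile(r'\[([^\]]+)\] "(\S+) (\S+)')


def spool_received_at(spool_text):
    """Return the receive time stored on line 4 of an Exim -H file (epoch seconds)."""
    epoch = int(spool_text.splitlines()[3].split()[0])
    return datetime.fromtimestamp(epoch, tz=timezone.utc)


def requests_near(received_at, logs, window=5, methods=("POST",)):
    """List (domain, path, offset_seconds) for requests within +/- window seconds."""
    hits = []
    for domain, lines in logs.items():
        for line in lines:
            m = LOG_RE.search(line)
            if not m or m.group(2) not in methods:
                continue
            ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
            offset = (ts - received_at).total_seconds()
            if abs(offset) <= window:
                hits.append((domain, m.group(3), int(offset)))
    return sorted(hits, key=lambda h: abs(h[2]))


if __name__ == "__main__":
    for domain, path, offset in requests_near(spool_received_at(SPOOL_HEADER), ACCESS_LOGS):
        print(f"{domain} {path} {offset:+d}s")
```

A domain and script that keep appearing next to spool files owned by nobody point to the account to inspect; pass `methods=("GET", "POST")` if the script can also be triggered by GET.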
     