The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Increase spamming through user Nobody

Discussion in 'General Discussion' started by Philip, Jul 14, 2003.

  1. Philip

    Philip Member

    Joined:
    May 6, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    We have noticed over the weekend a huge increase in emails being send from our server farm from the user Nobody (PHP). These emails are largely being sent to AOL users. These servers have been online for a while now and have not have any concern of this type prior to Friday morning. Is there any new technique/exploit being used by Internet spammers through PHP scripts?

    FYI - We do know about the exploit in Formmail.pl's and have worked to combat that problem. This issue started about Thursday evening or Friday morning and continues today.

    cPanel.net Support Ticket Number:
     
  2. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    I would suggest checking the account of new Clients, say in the last week, and if you keep copies of Server eMails: [newmailcgi] Recently Uploaded CGI scripts that send email on... to check those as well. Although it says CGI scripts, it is notice of any type script using any eMail protocols.

    cPanel.net Support Ticket Number:
     
  3. Philip

    Philip Member

    Joined:
    May 6, 2002
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for the input. These machines have not taken on any new customers in a while. They are full and have been running at the same capacity for a while. The problem just popped up on us on Friday and continues today.

    cPanel.net Support Ticket Number:
     
  4. moogle

    moogle Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    I am just now having this problem, but I looked and my server has never sent that email. Is there a way to get it to? Or to view via the server what it would have?

    cPanel.net Support Ticket Number:
     
  5. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    :confused:

    If your Server has not sent out the eMails, how can it be a problem for you?

    cPanel.net Support Ticket Number:
     
  6. techark

    techark Well-Known Member

    Joined:
    May 22, 2002
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    2 days ago I got a report from spam cop on spam from one of my servers and it was from nobody, but the name of the mailer script was included in the header so I greped the script name and found 10 of them on the server. I then used pico to edit each of the scripts and changed the mailer name in the script to the domain name it was running on. Next time they send mail it will have their domian name in the header of the mail.

    Then terminate.

    cPanel.net Support Ticket Number:
     
  7. techark

    techark Well-Known Member

    Joined:
    May 22, 2002
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    AAlready tried that breaks a few scripts so I am giving my clients time to get ready before we pull that trigger on them.

    cPanel.net Support Ticket Number:
     
  8. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    What exactly broke when you tried phpsuexec?

    cPanel.net Support Ticket Number:
     
  9. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16


    FYI, scripts like PHPBB will not be able to send out mails when PHPSuexec is enabled. Am I right, techark?

    cPanel.net Support Ticket Number:
     
  10. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    Nope...

    I have PHPBB and PHPSuexec and all is fine. :)

    Brenden

    cPanel.net Support Ticket Number:
     
  11. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Hey Taz! :) Nice to hear from you again! The last time I tried, PHPBB did have the problem. Maybe their newer version supports PHPSuexec.

    I have a question though. The last time I had PHPSuexec enabled, some of my clients did come back to me saying that all outbound mails were bounced. My question is... what should be added in a PHP script so that it supports PHPSuexec?

    Because I have an answer to this, I will definitely enable PHPSuexec again.

    cPanel.net Support Ticket Number:
     
  12. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    Several of our customer's private PHP scripts broke. Most of it was because the user was using PHP configs in .htaccess.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page