The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail Queue 1,000 Messages

Discussion in 'E-mail Discussions' started by Francisco, Mar 5, 2004.

  1. Francisco

    Francisco Well-Known Member

    Joined:
    Jun 3, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    My eMail Queue shows 1,000 messages all sent to someone@hotmail.com seems like a Mailbomber Script on our Server, how do We dettect it?

    What do we have to check?

    Please guide me! :( I want to delete the fu... that is sending spam

    Thanks
     
  2. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Just some ideas that may or may not help:

    Check the email headers to see if it tells you anything.

    Check current running processes.

    Use command "top" in shell and see what it says.

    Try "View Mail Stats" in WHM. It may show which user is doing the sending.

    Also possible it could be an outside user, either running a script of his own or found an exploitable formmail script.
     
  3. Francisco

    Francisco Well-Known Member

    Joined:
    Jun 3, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    received_protocol local
    So, it's sent from your server (you already knew that)

    auth_sender nobody@free.mtxis.net
    Makes this harder to trace. Do you have...

    1. SuExec enabled? If so, then it's probably not from a CGI script

    2. PHPSuexec enabled? If so, then it's probably not from a PHP script

    3. "Prevent the user 'nobody' from sending out mail to remote addresses" enalbed under WHM > Tweak Settings? If not, enable it now!

    Check for failure errors in /etc/httpd/logs/error_log as they may have generated errors when trying to take over the script
     
  5. Francisco

    Francisco Well-Known Member

    Joined:
    Jun 3, 2003
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    But then I won't be able to use the () Mail funtion?

    BTW; SuExec is Enabled, do I enable PHPsuEXEC ?
     
Loading...

Share This Page