Major Spam problem - I will pay you

Discussion in 'General Discussion' started by Haloweb, Apr 15, 2005.

  1. Haloweb

    Haloweb Well-Known Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    156
    Hi there,

    I have tried just about everything on my box and yet someone is still sending spam.
    If there is someone who will accept $50 in stompay (it's all I have) to help me sort this
    problem out, please contact me ASAP.

    Here is one of the mail headers. It looks like a rogue script. I have activated the
    prevent nobody sending and have also made some alterations to the exim conf like
    log= +all

    Return-Path: <jsegundo122@hotmail.com>
    Delivered-To: xxx@xxx
    Received: (qmail 22961 invoked from network); 15 Apr 2005 11:01:21 -0000
    Received: from unknown (HELO server.zippxxxx.com) (xxxxxxxx)
    by mail.iecc.com with SMTP; 15 Apr 2005 11:01:21 -0000
    Received: from nobody by serxxx.zippysxxx.com with local (Exim 4.44)
    id 1DMGh8-0006fO-QR
    for compilers@iecc.com; Fri, 15 Apr 2005 04:36:34 +0200
    To: compilers@iecc.com
    Subject: Come see my great new website...
    From: Jsegundo <jsegundo122@hotmail.com>
    Reply-To: jsegundo122@hotmail.com
    MIME-Version: 1.0
    X-Mailer: PHPBulkEmailer 1.1 http://www.nukedweb.com/
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1DMGh8-0006fO-QR@sxxx.zipxxx.com>
    Date: Fri, 15 Apr 2005 04:36:34 +0200
    X-Haloweb-MailScanner-Information: Please contact the ISP for more information
    X-Haloweb-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
    X-Haloweb-MailScanner-SpamCheck:
    X-MailScanner-From: jsegundo122@hotmail.com
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server.zixxxxx.com
    X-AntiAbuse: Original Domain - iecc.com
    X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
    X-AntiAbuse: Sender Address Domain - hotmail.com
     
    #1 Haloweb, Apr 15, 2005
    Last edited: Apr 15, 2005
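
The headers in the post above already identify the submitter: the oldest `Received:` hop is a local submission by `nobody`, the `X-AntiAbuse` UID/GID line names the originating account, and `X-Mailer` names the script. The following is an added example, not part of the original post, that extracts those fields from a raw message. The sample message is constructed from the posted headers with hostnames replaced, and treating UID 99 as the web server account is an assumption taken from this header.

```python
import re
from email import message_from_string

# Constructed sample: abuse-relevant headers from the post, hostnames replaced
SAMPLE = """\
Return-Path: <sender@example.com>
Received: from nobody by server.example.com with local (Exim 4.44)
\tid 1DMGh8-0006fO-QR
\tfor list@example.org; Fri, 15 Apr 2005 04:36:34 +0200
To: list@example.org
Subject: Come see my great new website...
X-Mailer: PHPBulkEmailer 1.1 http://www.nukedweb.com/
X-AntiAbuse: Primary Hostname - server.example.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - example.com

body
"""

LOCAL_RE = re.compile(r"from\s+(\S+)\s+by\s+(\S+)\s+with\s+local\b")
IDS_RE = re.compile(r"\[(\d+) (\d+)\]\s*/\s*\[(\d+) (\d+)\]")

def triage(raw, web_uids=frozenset({99})):
    """Summarise who submitted a message on the originating cPanel/Exim host.
    web_uids is an assumption: 99 is the UID shown next to 'nobody' here."""
    msg = message_from_string(raw)
    out = {"local_user": None, "host": None, "originator": None,
           "caller": None, "mailer": msg.get("X-Mailer"), "web_script": False}
    # Received headers are newest first; look for the local hop from the oldest end
    for hop in reversed(msg.get_all("Received", [])):
        m = LOCAL_RE.search(" ".join(hop.split()))
        if m:
            out["local_user"], out["host"] = m.groups()
            break
    for value in msg.get_all("X-AntiAbuse", []):
        label, _, rest = value.partition(" - ")
        m = IDS_RE.search(rest)
        if label.strip() == "Originator/Caller UID/GID" and m:
            o_uid, o_gid, c_uid, c_gid = map(int, m.groups())
            out["originator"], out["caller"] = (o_uid, o_gid), (c_uid, c_gid)
    # A local submission by the web server account points at a script, not a mailbox
    uid = out["originator"][0] if out["originator"] else None
    out["web_script"] = out["local_user"] == "nobody" or uid in web_uids
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```
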
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    343
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
  3. kmsd

    kmsd Well-Known Member

    Joined:
    May 21, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    156
    That is my recommendation as well :).
     
  4. Haloweb

    Haloweb Well-Known Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    156
    Thanks Guys

    That was my first stop but unfortunately he only accepts paypal and credit cards
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Indeed. However, you could have pushed a little harder had I known what the problem was ;) I'll PM you.
     
  6. Haloweb

    Haloweb Well-Known Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    156
    ooi thanks chirpy - you are a star
     
  7. Bloory

    Bloory Active Member

    Joined:
    Aug 22, 2002
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    156
    Another recommendation for Jonathan.

    He's done great stuff to my CPanel servers :)
     
  8. Haloweb

    Haloweb Well-Known Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    156
    Well everyone,

    Thanks to chirpy's help my problem seems to be solved.

    Just a word of warning: one of my clients runs a community pages
    site (free pages) and there is a user that set himself up as brad22
    that has found some sort of exploit. I ran a search on Google and
    he seems to have set himself up under a number of free pages sites.

    I also would like to recommend chirpy's MailScanner front-end, it's really
    awesome.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,578
    Likes Received:
    439
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
  10. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,366
    Likes Received:
    6
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Indeed it is.
     
  11. rgripoll

    rgripoll Active Member

    Joined:
    Mar 19, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    151
    Same problem

    I'm having the same problem in one of my servers, how did you fix it?
     
  12. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I fixed it by securing his server. Have a search of the forums here and read up on some of the security threads on things to do.
     
  13. NoDoze

    NoDoze Active Member

    Joined:
    Mar 5, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    San Francisco, CA
    I installed APF firewall and Brute Force Detection (BFD)...solved the problem for me....

    And got notification when the "hacker" tried the last time to run the spam gauntlet....

    Now I have his IP, domain, and address! That is if he's not bouncing through them either...

    Spam came from won-india.com...but it looks like their site is offline now.... Heh....
     
  14. rgripoll

    rgripoll Active Member

    Joined:
    Mar 19, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    151
    I have the apf, but I didn't know the BFD, I'll try it.
     
  15. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
  16. rgripoll

    rgripoll Active Member

    Joined:
    Mar 19, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    151
    I knew this thread, I think I have everything, but I'll check it.
     
  17. rgripoll

    rgripoll Active Member

    Joined:
    Mar 19, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    151
    OK, I've checked that thread, but there is nothing new for me... I have all this on my server, but it is still sending spam. :confused:
     
  18. rgripoll

    rgripoll Active Member

    Joined:
    Mar 19, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    151
  19. Haloweb

    Haloweb Well-Known Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    156
    Have you tried making sure that in

    tweak settings > in whm that you have prevent nobody from sending mails
    checked? This helped me a lot. Also there is a thread on this forum about adding a
    few parameters to exim via whm :)

    In whm go to service configuration > Then exim configurator
    click on advanced mode >

    Add the following to the first box

    queue_only_override = false
    local_from_check = false
    untrusted_set_sender = root

    You can also add the following for extended exim logging

    log_selector = +all

    I hope this helps, if all fails try chirpy's services he is excellent ;)
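
With `log_selector = +all`, Exim's `arguments` selector logs the working directory and command line of every invocation, so the main log shows which directory a mail-sending script runs from. The following is an added example, not part of the original post, that counts sendmail-style invocations per directory and local submissions per Unix user. The log lines, paths and user names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of exim_mainlog lines (paths, users and IDs are made up)
SAMPLE_LOG = """\
2005-04-15 04:36:30 [2101] cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2005-04-15 04:36:34 [2150] cwd=/home/alice/public_html/pages 3 args: /usr/sbin/sendmail -t -i
2005-04-15 04:36:34 [2150] 1DMGh8-0006fO-QR <= nobody@server.example.com U=nobody P=local S=812
2005-04-15 04:36:35 [2153] cwd=/home/alice/public_html/pages 3 args: /usr/sbin/sendmail -t -i
2005-04-15 04:36:35 [2153] 1DMGh9-0006fT-01 <= nobody@server.example.com U=nobody P=local S=809
2005-04-15 04:40:02 [2200] cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2005-04-15 04:40:02 [2200] 1DMGkQ-0006gA-7x <= bob@server.example.com U=bob P=local S=1432
2005-04-15 04:41:10 [2231] 1DMGlW-0006gH-Kp <= user@example.net H=mail.example.net [192.0.2.10] P=esmtp S=2210
"""

# "cwd=<dir> <n> args: <program> ..." is written by the arguments log selector
CWD_RE = re.compile(r" cwd=(\S+) \d+ args: (\S+)")
# Arrival line for a locally submitted message: "<= addr U=<user> P=local"
ARRIVAL_RE = re.compile(r" <= \S+ .*?\bU=(\S+) .*?\bP=local\b")

def submissions_by_cwd(log):
    """Count sendmail-style invocations per working directory, skipping Exim's spool."""
    counts = Counter()
    for line in log.splitlines():
        m = CWD_RE.search(line)
        if not m:
            continue
        cwd, program = m.groups()
        if cwd.startswith("/var/spool") or not program.endswith("sendmail"):
            continue  # queue runners and other Exim housekeeping
        counts[cwd] += 1
    return counts

def local_arrivals_by_user(log):
    """Count locally submitted messages (P=local) per Unix user (U=)."""
    counts = Counter()
    for line in log.splitlines():
        m = ARRIVAL_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

if __name__ == "__main__":
    print(submissions_by_cwd(SAMPLE_LOG).most_common())
    print(local_arrivals_by_user(SAMPLE_LOG).most_common())
```
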
     