Major Spam problem - I will pay you

Discussion in 'General Discussion' started by Haloweb, Apr 15, 2005.

  1. Haloweb

    Haloweb Well-Known Member

    Joined:
    Jul 2, 2004
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Hi there,

    I have tried just about everything on my box and yet someone is still sending spam.
    If there is someone who will accept $50 in StormPay (it's all I have) to help me sort this
    problem out, please contact me ASAP.

    Here is one of the mail headers. It looks like a rogue script. I do have the
    "prevent nobody sending" option activated and have also made some alterations to the Exim conf, like
    log= +all

    Return-Path: <jsegundo122@hotmail.com>
    Delivered-To: xxx@xxx
    Received: (qmail 22961 invoked from network); 15 Apr 2005 11:01:21 -0000
    Received: from unknown (HELO server.zippxxxx.com) (xxxxxxxx)
    by mail.iecc.com with SMTP; 15 Apr 2005 11:01:21 -0000
    Received: from nobody by serxxx.zippysxxx.com with local (Exim 4.44)
    id 1DMGh8-0006fO-QR
    for compilers@iecc.com; Fri, 15 Apr 2005 04:36:34 +0200
    To: compilers@iecc.com
    Subject: Come see my great new website...
    From: Jsegundo <jsegundo122@hotmail.com>
    Reply-To: jsegundo122@hotmail.com
    MIME-Version: 1.0
    X-Mailer: PHPBulkEmailer 1.1 http://www.nukedweb.com/
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1DMGh8-0006fO-QR@sxxx.zipxxx.com>
    Date: Fri, 15 Apr 2005 04:36:34 +0200
    X-Haloweb-MailScanner-Information: Please contact the ISP for more information
    X-Haloweb-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
    X-Haloweb-MailScanner-SpamCheck:
    X-MailScanner-From: jsegundo122@hotmail.com
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server.zixxxxx.com
    X-AntiAbuse: Original Domain - iecc.com
    X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
    X-AntiAbuse: Sender Address Domain - hotmail.com
     
    #1 Haloweb, Apr 15, 2005
    Last edited: Apr 15, 2005
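
Added example, not part of the original post: a short Python triage of the headers above, pulling out the fields that show the message was handed to Exim by a local process (`with local`) and under which UID/GID. The sample is the posted header block, abbreviated and re-folded; the function name `triage` and the report keys are illustrative.

```python
import re
from email import message_from_string

# Headers from the first post, abbreviated and re-folded; "xxx" redactions are as posted.
SAMPLE_HEADERS = """\
Return-Path: <jsegundo122@hotmail.com>
Received: from unknown (HELO server.zippxxxx.com) (xxxxxxxx)
 by mail.iecc.com with SMTP; 15 Apr 2005 11:01:21 -0000
Received: from nobody by serxxx.zippysxxx.com with local (Exim 4.44)
 id 1DMGh8-0006fO-QR
 for compilers@iecc.com; Fri, 15 Apr 2005 04:36:34 +0200
To: compilers@iecc.com
From: Jsegundo <jsegundo122@hotmail.com>
X-Mailer: PHPBulkEmailer 1.1 http://www.nukedweb.com/
X-AntiAbuse: Primary Hostname - server.zixxxxx.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - hotmail.com

"""

# "from <user> by <host> with local" is how Exim records a message handed to
# it by a local process instead of being received over SMTP.
LOCAL_RE = re.compile(r"from (\S+) by (\S+) with local \(Exim [\d.]+\) id (\S+)")
# cPanel's X-AntiAbuse header: [originator uid gid] / [caller uid gid].
UIDGID_RE = re.compile(r"Originator/Caller UID/GID - \[(\d+) (\d+)\] / \[(\d+) (\d+)\]")

def triage(raw_headers):
    """Summarise who submitted the message, using only its own headers."""
    msg = message_from_string(raw_headers)
    report = {"local_user": None, "exim_id": None, "originator": None,
              "caller": None, "mailer": msg.get("X-Mailer")}
    for received in msg.get_all("Received", []):
        m = LOCAL_RE.search(" ".join(received.split()))  # unfold the header first
        if m:
            report["local_user"], report["exim_id"] = m.group(1), m.group(3)
    for value in msg.get_all("X-AntiAbuse", []):
        m = UIDGID_RE.search(value)
        if m:
            uid, gid, cuid, cgid = map(int, m.groups())
            report["originator"], report["caller"] = (uid, gid), (cuid, cgid)
    # True means the mail originated on the box itself (script, cron job, shell).
    report["submitted_locally"] = report["local_user"] is not None
    return report

if __name__ == "__main__":
    for key, val in triage(SAMPLE_HEADERS).items():
        print(f"{key}: {val}")
```

The Exim id it returns (`1DMGh8-0006fO-QR`) is the value to search for in the server's Exim main log to find the matching arrival line.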
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
  3. kmsd

    kmsd Well-Known Member

    Joined:
    May 21, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    That is my recommendation as well :).
     
  4. Haloweb

    Thanks Guys

    That was my first stop but unfortunately he only accepts paypal and credit cards
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. However, you could have pushed a little harder had I known what the problem was ;) I'll PM you.
     
  6. Haloweb

    ooi thanks chirpy - you are a star
     
  7. Bloory

    Bloory Active Member

    Joined:
    Aug 22, 2002
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Another recommendation for Jonathan.

    He's done great stuff to my cPanel servers :)
     
  8. Haloweb

    Well everyone,

    Thanks to chirpy's help my problem seems to be solved.

    Just a word of warning: one of my clients runs a community pages
    site (free pages) and there is a user that set himself up as brad22
    that has found some sort of exploit. I ran a search on Google and
    he seems to have set himself up under a number of free pages sites.

    I also would like to recommend chirpy's MailScanner front-end, it's really
    awesome.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,463
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
  10. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Indeed it is.
     
  11. rgripoll

    rgripoll Active Member

    Joined:
    Mar 19, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Same problem

    I'm having the same problem in one of my servers, how did you fix it?
     
  12. chirpy

    I fixed it by securing his server. Have a search of the forums here and read up on some of the security threads on things to do.
     
  13. NoDoze

    NoDoze Active Member

    Joined:
    Mar 5, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    San Francisco, CA
    I installed APF firewall and Brute Force Detection (BFD)...solved the problem for me....

    And got notification when the "hacker" tried the last time to run the spam gauntlet....

    Now I have his IP, domain, and address! That is if he's not bouncing through them either...

    Spam came from won-india.com...but it looks like their site is offline now.... Heh....
     
  14. rgripoll

    I have APF, but I didn't know about BFD. I'll try it.
     
  15. digitard

    digitard Well-Known Member

    Joined:
    Aug 13, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
  16. rgripoll

    I knew this thread, I think I have everything, but I'll check it.
     
  17. rgripoll

    OK, I've checked that thread, but there is nothing new for me... I have all this on my server, but it is still sending spam. :confused:
     
  18. rgripoll

  19. Haloweb

    Have you tried making sure that in

    Tweak Settings in WHM you have "prevent nobody from sending mails"
    checked? This helped me a lot. Also, there is a thread on this forum about adding a
    few parameters to Exim via WHM :)

    In WHM go to Service Configuration > then Exim Configurator,
    click on advanced mode >

    Add the following to the first box:

    queue_only_override = false
    local_from_check = false
    untrusted_set_sender = root

    You can also add the following for extended Exim logging:

    log_selector = +all

    I hope this helps. If all fails, try chirpy's services, he is excellent ;)
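
Added example, not part of the original post: with `log_selector = +all` in place, Exim's main log records each local submission (`U=<user> P=local`) and, through the `arguments` selector that `+all` includes, the working directory of the process that invoked it. The Python sketch below tallies both over a constructed log excerpt; only the first message id and the two addresses come from the thread, and the paths, sizes, other ids and IP addresses are placeholders.

```python
import re
from collections import Counter

# Constructed exim_mainlog excerpt (see lead-in for what is real and what is placeholder).
SAMPLE_LOG = """\
2005-04-15 04:36:33 cwd=/home/exampleuser/public_html/pages 3 args: /usr/sbin/sendmail -t -i
2005-04-15 04:36:34 1DMGh8-0006fO-QR <= jsegundo122@hotmail.com U=nobody P=local S=812
2005-04-15 04:36:35 1DMGh8-0006fO-QR => compilers@iecc.com R=lookuphost T=remote_smtp H=mail.iecc.com [192.0.2.25]
2005-04-15 04:36:36 cwd=/home/exampleuser/public_html/pages 3 args: /usr/sbin/sendmail -t -i
2005-04-15 04:36:37 1DMGhB-0006fT-AA <= jsegundo122@hotmail.com U=nobody P=local S=815
2005-04-15 04:40:02 1DMGkU-0006gZ-3C <= alice@example.net H=(mail.example.net) [198.51.100.7] P=esmtp S=2048
2005-04-15 04:41:10 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
"""

# Arrival line for a message submitted by a local process: "<= sender U=user P=local".
ARRIVAL_RE = re.compile(r"^\S+ \S+ \S+ <= (\S+) .*?\bU=(\S+) P=local\b")
# Working directory and command line of each Exim invocation.
CWD_RE = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: (.+)$")

def summarise(log_text):
    """Count local submissions per system user, per sender, and per directory."""
    users, senders, dirs = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = ARRIVAL_RE.match(line)
        if m:
            senders[m.group(1)] += 1
            users[m.group(2)] += 1
            continue
        m = CWD_RE.match(line)
        # Keep only sendmail-style submissions; skip queue runners and daemons.
        if m and "sendmail" in m.group(2):
            dirs[m.group(1)] += 1
    return {"users": users, "senders": senders, "dirs": dirs}

if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for name, counter in result.items():
        print(name)
        for value, count in counter.most_common(5):
            print(f"  {count:5d}  {value}")
```

The `cwd=` lines carry no message id, so they are matched to arrivals by timestamp proximity; a directory under a site's document root that dominates the count is where to look for the sending script.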
     