
My server is being used to send spam

Discussion in 'E-mail Discussions' started by helptek, Dec 18, 2008.

  1. helptek

    Hello,

    I host about 500 accounts on my server (WHM 11.23.2 cPanel 11.23.3-S25959). This server's IP is being constantly marked as "spammer" in lots of spam lists.

    I enabled the option "Prevent the user "nobody" from sending out mail to remote addresses", I have clamAV and SMTP Tweak active, and I even changed the exim outgoing IP to a different one from the server's main IP.

    Even so, the server's main IP is being quoted as spammer, primarily from hotmail.

    I receive reports from spamlists with some copies of emails/spam sent from my server.
    I cannot track any of the Exim IDs in the exim_mainlog, and many emails are being sent with this kind of ID:

    01C95FEB.7E304865@"myserverhostname.com"

    Most of the emails are being sent to hotmail, from requesters that do not exist on my server.

    What can I do to track down these spammers? I believe they are exploring PHP scripts and almost all spam emails are not being sent from Exim. How can I find those scripts?

    Any way to block this through a firewall, iptables or something else?

    Any help would be very much appreciated.

    Best regards,
     
    #1 helptek, Dec 18, 2008
    Last edited: Dec 18, 2008
  2. brianoz

    Run suPHP.

    Install and run CSF and ensure you have port 25 outgoing blocked, or if you don't want to install CSF, enable the cPanel "SMTP tweak".

    Set the cPanel limit on outgoing emails to 150.

    Lots of other things you can do but there are some basics that will help.
     
  3. ebizindia

    hacked with automailer

    One of the domains hosted on your server may have been hacked and the spammer may have installed an automailer script. I saw one such script in a client domain recently.

    Search for files such as bad.txt, good.txt, etc. from the shell prompt and, if found, go to the directory. You can easily identify the mailer.

    Just one possible problem.
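
The search described in the post above, as an added example that is not part of the original thread: it finds directories holding `bad.txt` or `good.txt` and lists the scripts sitting beside them, with the owning account. The function names, the extension list, the `/home` root and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Finds directories holding the list files named in the post
# (bad.txt, good.txt) and prints "owner<TAB>script" for scripts beside them.
# Assumptions: accounts live under the root passed as $1 (e.g. /home) and
# the mailer is a .php, .cgi or .pl file in the same directory.

find_mailer_dirs() {
    # Directories containing at least one list file, de-duplicated.
    find "$1" -xdev -type f \( -name 'bad.txt' -o -name 'good.txt' \) 2>/dev/null |
        while IFS= read -r f; do dirname "$f"; done | sort -u
}

list_candidate_scripts() {
    # Same directory only: the post says the mailer is identifiable there.
    find "$1" -maxdepth 1 -type f \
        \( -name '*.php' -o -name '*.cgi' -o -name '*.pl' \) 2>/dev/null | sort
}

scan_for_mailers() {
    find_mailer_dirs "$1" | while IFS= read -r d; do
        owner=$(ls -ld "$d" | awk '{print $3}')   # account that owns the directory
        list_candidate_scripts "$d" | while IFS= read -r s; do
            printf '%s\t%s\n' "$owner" "$s"
        done
    done
}

make_sample_tree() {
    # Constructed sample: "alice" has list files beside two scripts, "bob" is clean.
    t=$(mktemp -d)
    mkdir -p "$t/alice/public_html/img" "$t/bob/public_html"
    touch "$t/alice/public_html/img/bad.txt" "$t/alice/public_html/img/good.txt" \
          "$t/alice/public_html/img/mailer.cgi" "$t/alice/public_html/img/send.php" \
          "$t/alice/public_html/index.php" "$t/bob/public_html/index.php"
    echo "$t"
}

# Scan a real tree only when a path is given, e.g.: sh scan.sh /home
if [ "$#" -gt 0 ]; then scan_for_mailers "$1"; fi
```

Scripts elsewhere in the account (such as `index.php` one level up in the sample) are deliberately not reported, so each hit is a file to open and review by hand.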
     
  4. mccwho

    I found it running as godi.cgi

    Suspended the user until they ran a virus scan on their local PC to find any key-loggers, then I reset all of the users passwords.
    Seems to have stopped it for now.
     
  5. crazyaboutlinux

    then I reset all of the users passwords?

    At one go or one by one?
     