Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

newbie needs help -- spammers and "nobody" questions

Discussion in 'General Discussion' started by BraveX, Apr 7, 2006.

  1. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    166
    Hi. I have a customer that has been getting tons of spam from "nobdy@xxxmyserverxxx.com" (with the later the name of my server). I think a script on his site may be being exploited but I'm not sure how to find it. Which specific logs should I be looking at and what should I be looking for?

    Also, in WHM it has this: "Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)"

    Should I check the above? And how can I tell if I have phpsuexec and sueexc? And if I don't, should I install them?

    Thanks so much in advance for any help!!!

    BX
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I'd suggest putting in extended logging by adding the following to the first textarea in the advanced mod exim configuration editor:

    log_selector = +arguments +subject

    Next time the problem occurs, scan /var/log/exim_mainlog for /home to see if there's a pattern:

    grep /home /var/log/exim_mainlog

    This should show the cwd directory of the process that sent the emails and so narrow down the likely script.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    166
    Thanks so much, Chirpy! As usual, you rock!

    BX
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice