
newbie needs help -- spammers and "nobody" questions

Discussion in 'General Discussion' started by BraveX, Apr 7, 2006.

  1. BraveX

    Hi. I have a customer that has been getting tons of spam from "nobody@xxxmyserverxxx.com" (with the latter being the name of my server). I think a script on his site may be being exploited but I'm not sure how to find it. Which specific logs should I be looking at and what should I be looking for?

    Also, in WHM it has this: "Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)"

    Should I check the above? And how can I tell if I have phpsuexec and suexec? And if I don't, should I install them?

    Thanks so much in advance for any help!!!

    BX
     
  2. chirpy

    I'd suggest putting in extended logging by adding the following to the first textarea in the advanced mode exim configuration editor:

    log_selector = +arguments +subject

    Next time the problem occurs, scan /var/log/exim_mainlog for /home to see if there's a pattern:

    grep /home /var/log/exim_mainlog

    This should show the cwd directory of the process that sent the emails and so narrow down the likely script.
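
Added example (not part of chirpy's post, and not cPanel or Exim code): a shell example that goes one step past the plain `grep` by tallying the `cwd=` directories and the subjects of mail accepted from `U=nobody`, once `log_selector = +arguments +subject` is active. The function names `top_cwd`, `nobody_subjects` and `sample_log` are hypothetical, and the log lines inside `sample_log` are constructed.

```shell
#!/bin/sh
# Summarise an Exim main log written with: log_selector = +arguments +subject
# On a server: top_cwd /var/log/exim_mainlog ; nobody_subjects /var/log/exim_mainlog

# Count how often each directory under /home appears as cwd= on an "args:" line.
# Assumes the path contains no spaces (awk splits fields on whitespace).
top_cwd() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^cwd=\/home\//) count[substr($i, 5)]++
    }
    END { for (d in count) printf "%d %s\n", count[d], d }' "$@" |
        sort -k1,1nr -k2
}

# Count the subjects (T="...") of messages accepted from the local user nobody.
nobody_subjects() {
    awk '/ <= / && / U=nobody / {
        if (match($0, / T="[^"]*"/))
            count[substr($0, RSTART + 4, RLENGTH - 5)]++
    }
    END { for (s in count) printf "%d %s\n", count[s], s }' "$@" |
        sort -k1,1nr -k2
}

# Constructed sample log lines (not from a real server).
sample_log() {
    cat <<'EOF'
2006-04-07 03:10:01 cwd=/home/exampleuser/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2006-04-07 03:10:01 1FRaaa-0001Xy-2Z <= nobody@server.example.com U=nobody P=local S=1422 T="Cheap pills"
2006-04-07 03:10:02 cwd=/home/exampleuser/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2006-04-07 03:10:02 1FRaab-0001Xz-3A <= nobody@server.example.com U=nobody P=local S=1422 T="Cheap pills"
2006-04-07 03:10:05 cwd=/home/otheruser/public_html 3 args: /usr/sbin/sendmail -t -i
2006-04-07 03:10:05 1FRaac-0001Y0-4B <= nobody@server.example.com U=nobody P=local S=901 T="Order received"
2006-04-07 03:10:09 cwd=/home/exampleuser/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2006-04-07 03:11:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
EOF
}

# Demo on the constructed sample: busiest directory and most repeated subject first.
sample_log | top_cwd
sample_log | nobody_subjects
```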
     
  3. BraveX

    Thanks so much, Chirpy! As usual, you rock!

    BX
     