The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

One site on my ser er is being hacked!!

Discussion in 'E-mail Discussions' started by Chriz1977, Sep 25, 2009.

  1. Chriz1977

    Chriz1977 Well-Known Member

    Joined:
    Sep 18, 2006
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    One site on my server has been receiving a massive number of SPAM eMails (eg undeliverable email, etc). Im sure I know WHO it is but not too sure how to trace them?

    Im using ASSPX and CSF but these emails arent getting blocked!

    It looks to me like the attacker is using a script to send email from this sites addresses. Is there a simple way to find out the IP and block it?

    Many thanks to anyone who can help

    Chriz
     
  2. SB-Nick

    SB-Nick Well-Known Member

    Joined:
    Aug 26, 2008
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Chriz,

    If the spam is being sent from your server you can enable exim debug logging to see what site is sending it.

    The bouce email should also give you some information as well, like the source mailbox.
     
    #2 SB-Nick, Sep 25, 2009
    Last edited: Sep 25, 2009
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I would have to look at your server to determine what is really going on ....

    However, based upon what you posted alone, it sounds very much like you are just receiving the false bounce back messages from SPAM with falsified headers (using your domain) sent from elsewhere. If so, I would not worry about things to much as this is very common.

    Setting up an SPF record for the domain will help as well as measures put in place in your email settings to ignore falsified bounced back messages.
     
  4. Chriz1977

    Chriz1977 Well-Known Member

    Joined:
    Sep 18, 2006
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Sounds good as we dont have any SPF recs set. BUT Is there any way to trace the hacker as we want to take this to a legal body so we can stop this (Its an attack from an ex's partner and that isnt on on oour server!,lol), HOW SAD IS THAT???

    LMAO!!
     
  5. Chriz1977

    Chriz1977 Well-Known Member

    Joined:
    Sep 18, 2006
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Just checked and we DO have an SPF! Can anyone give me the correct syntax to I can check it????
     
  6. Chriz1977

    Chriz1977 Well-Known Member

    Joined:
    Sep 18, 2006
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    so how do we configure our email settings to ignore falsified bounced back messages?

    Cheers
     
  7. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    do you have someone with server management skills to look into this for you.

    have you checked the headers of the mails in your mail queue yet ?

    Have you checked the options in "exim configuration editor" in WHM to see what more mail options you can use.
     
Loading...

Share This Page