Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

php & cgi scripts forwarding mail bombs, how to neutralize?!

Discussion in 'E-mail Discussion' started by porcupine, Oct 13, 2002.

  1. porcupine

    porcupine Well-Known Member

    Apr 18, 2002
    Likes Received:
    Trophy Points:
    Toronto, Ontario
    cPanel Access Level:
    DataCenter Provider
    php & cgi scripts forwarding mail bombs, how to neutrali


    Well i've searched the forums, and honestly can't find a solution to our problem. Users have a php script, or insecure cgi script i'd imagine that is sending mail through apache (i believe) as the user nobody@serverhostname. for the cgi scripts, we searched for insecure verions of formmail, removed them, and that was that, but now we're getting evidence one of our servers is back up to the same tricks, but it has no more formmail scripts left except the .php ones.

    Problem being, there is no reasonable way to trace back this activity, the exim_mainlog only displays that the user sent the email, i've tried to check the apache log files scanning back for entries when this was occurring, but with 700 logfiles in the /usr/local/apache/domlogs, this just isn't a reasonable solution. Theres got to be a way to stop exim from sending mail from the user nobody, and we found some that were supposed to work for exim v4.0 , but CPanel seems to be running exim 3.xx. Does anyone have suggestions for this? even fi we cant disable the user nobody from sending mail, there must be a reasonable way to at least identify which user/domain has the scripts that are being used for this malicious activity.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Skm74

    Skm74 Well-Known Member

    Sep 28, 2002
    Likes Received:
    Trophy Points:
    I need to know too

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice