
please help

Discussion in 'General Discussion' started by Edi, Feb 15, 2004.

  1. Edi

    Edi Member

    load average 450.00 :(


     
  2. nickn

    nickn Well-Known Member
    PartnerNOC

    Replace sendmail (locate sendmail) with sendmail.real by doing:

    Code:
    mv sendmail sendmail.real
    Then put this script in place of sendmail:

    Code:
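    #!/usr/local/bin/perl
    use strict;
    use Env qw(REMOTE_ADDR SCRIPT_NAME SERVER_NAME);  # CGI variables; set only when a web script calls us

    my $date = `date`;
    chomp $date;
    open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
    my $uid = $>;                 # effective UID of the calling process
    my @info = getpwuid($uid);    # passwd entry for that UID
    if($REMOTE_ADDR) {
            # CGI environment present: log the client address and the script
            print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
    }
    else {
            # No CGI environment: log the local account instead
            print INFO "$date - @info\n";
    }
    my $mailprog = '/usr/sbin/sendmail.real';

    # Pass the original arguments to the real sendmail as a list,
    # so that no shell interprets them
    open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
    while (<STDIN>) {
            print MAIL;
    }
    close (INFO);
    close (MAIL);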
    
    Now, check /var/log/formmail.log and you can find out who's sending the spam :)
     
  3. Edi

    Edi Member

    My English is not good.
    Sorry.

     
  4. nickn

    nickn Well-Known Member
    PartnerNOC

    First you post spam, then you post a lot of Apache processes... My mind-reading isn't what it used to be either :)
     
  5. Edi

    Edi Member

    Thanks, the script is good, but there is a problem.
    My English is not good.
    I added a mail script from a PHP file;
    I run domain.com/mail.php
    It sends mail, but the file name does not appear in formmail.log.

    What I want is, e.g.: domain.com/mail.php
     
  6. noimad1

    noimad1 Well-Known Member

    I like this script, but I have some questions about it. I had a spammer today that was sending out thousands of e-mails. I just have a bunch of these in the log:

    Thu Sep 2 14:31:20 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin
    Thu Sep 2 14:31:20 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin
    Thu Sep 2 14:31:21 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin
    Thu Sep 2 14:31:21 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin
    Thu Sep 2 14:31:23 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin


    Does that mean the user didn't run a script that was on the machine?

    I guess I am not sure what if($REMOTE_ADDR) { means. I guess if I knew exactly what it was checking for in that if statement, it might help me know why it goes to the second condition of that statement:

    else {
    print INFO "$date - @info\n";

    Which is what I think it is doing...

    Is there any tweaking I can do to your script to get more info than above?
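
Added example (not part of the thread and not the posters' code): a Python script that tallies /var/log/formmail.log by source, using the two line formats the wrapper writes. The "ran ... at ..." form appears only when REMOTE_ADDR was in the wrapper's environment; otherwise the line carries the caller's passwd entry. The sample lines, address, host name and the `alice` account are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the two line formats the wrapper writes (not real log data).
SAMPLE_LOG = """\
Thu Sep  2 14:31:20 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin
Thu Sep  2 14:31:20 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin
Thu Sep  2 14:31:21 CDT 2004 - 192.0.2.10 ran /cgi-bin/formmail.pl at www.example.com
Thu Sep  2 14:31:21 CDT 2004 - nobody x 99 99 Nobody / /sbin/nologin
Thu Sep  2 14:32:05 CDT 2004 - 192.0.2.10 ran /cgi-bin/formmail.pl at www.example.com
Thu Sep  2 14:32:40 CDT 2004 - alice x 32005 32007 /home/alice /bin/bash
not a line the wrapper wrote
"""

LINE = re.compile(r"^(?P<date>.+?) - (?P<rest>\S.*)$")
CGI = re.compile(r"^(?P<ip>\S+) ran (?P<script>\S*) at (?P<host>\S*)\s*$")

def parse_line(line):
    """Return (timestamp, source) for a wrapper log line, or None if it does not parse."""
    m = LINE.match(line)
    parts = m.group("date").split() if m else []
    if len(parts) != 6:          # `date` output: weekday month day time zone year
        return None
    try:  # drop the timezone abbreviation (parts[4]); %Z parsing is not portable
        ts = datetime.strptime(" ".join(parts[:4] + parts[5:]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    cgi = CGI.match(m.group("rest"))
    if cgi:                      # branch taken when REMOTE_ADDR was set
        return ts, f"cgi {cgi['host']}{cgi['script']} from {cgi['ip']}"
    return ts, "local user " + m.group("rest").split()[0]

def summarize(text):
    """Map each source to (total messages, messages in its busiest minute)."""
    per_minute = defaultdict(Counter)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            per_minute[parsed[1]][parsed[0].replace(second=0)] += 1
    return {src: (sum(c.values()), max(c.values())) for src, c in per_minute.items()}

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1][0])
    for source, (total, peak) in rows:
        print(f"{total:5d} total  {peak:5d}/min peak  {source}")
```

A source that shows up only as "local user nobody" means the wrapper saw no CGI variables, so the log alone does not identify the script; the per-minute peak still gives the time window to match against the web server's access log.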
     
  7. edesignway

    edesignway Well-Known Member

    I gave this a try and I keep getting the following error:

    Code:
    Message 1C6hoy-0008B9-1w is no longer frozen
    delivering 1C6hoy-0008B9-1w
    transport error EPIPE ignored
    LOG: MAIN
      <donna@XXX.XXX.net>: local_sa_delivery transport output: Failed to open file ::Permission denied at /usr/sbin/sendmail line 7.
    LOG: MAIN
      ** donna@XXX.XXX.net <donna@XXX.com> R=sa_localuser T=local_sa_delivery: Child process of local_sa_delivery transport returned 13 from command: /usr/sbin/sendmail
    LOG: MAIN
      Frozen (delivery error message)
    Return to Mail Queue
    Line 7 of sendmail is

    Code:
     open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
    The file /var/log/formmail.log does exist

    Any Ideas?
     
  8. sawbuck

    sawbuck Well-Known Member

    #8 sawbuck, Sep 12, 2004
    Last edited: Sep 12, 2004