Protect CPanel From Outgoing Spammer (Fake Sender)

Discussion in 'General Discussion' started by al_bozorgi, May 7, 2014.

  1. al_bozorgi

    al_bozorgi Member

    How to Protect CPanel From Outgoing EMAIL Spammer (Fake Sender)

    Hi,
    To understand what I want, create a new PHP file in your public_html directory and put this code in it:


    PHP:
    <h2>Feedback Form</h2>
    <?php
    // display form if user has not clicked submit
    if (!isset($_POST["submit"])) {
    ?>
      <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
      From: <input type="text" name="from"><br>
      Subject: <input type="text" name="subject"><br>
      Message: <textarea rows="10" cols="40" name="message"></textarea><br>
      <input type="submit" name="submit" value="Submit Feedback">
      </form>
    <?php
    } else {    // the user has submitted the form
      // Check if the "from" input field is filled out
      if (isset($_POST["from"])) {
        // sender address is taken directly from the form, unvalidated
        $from = $_POST["from"];
        $subject = $_POST["subject"];
        $message = $_POST["message"];
        // message lines should not exceed 70 characters (PHP rule), so wrap it
        $message = wordwrap($message, 70);
        // send mail with the submitted address as the From: header
        mail("me@domain.com", $subject, $message, "From: $from\n");
        echo "HA HA I Send SPAM";
      }
    }
    ?>
    Change me@domain.com to your personal email for testing.

    When you run this script in a browser, you can send email with an unregistered domain and email account.

    Many spammer scripts use PHP code like this.

    My question is: how to reject this fake email sender script from CPanel?

    The only way I found is to add mail to disable_functions in the main php.ini, but this way is not good because many good scripts are blocked by this command.
     
    #1 al_bozorgi, May 7, 2014
    Last edited: May 7, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    The following document is a good place to start to prevent email abuse:

    How to Prevent Email Abuse

    You can't really prevent spoofing if you want to allow PHP scripts to send out email without authentication, but you can make it easier to identify the spammers by enabling the following option in "WHM Home » Service Configuration » Exim Configuration Manager":

    "EXPERIMENTAL: Rewrite From: header to match actual sender"

    Also, some administrators enable SpamAssassin for outgoing email by selecting:

    "Scan outgoing messages for spam and reject based on SpamAssassin® internal spam_score setting"

    Thank you.
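
An added example, not part of the thread and not cPanel's own code: one way to identify which account's scripts are submitting mail is to count the `cwd=` entries Exim logs when a local process invokes the sendmail binary. The log lines below are constructed, and the `/home/<user>` layout and an enabled Exim `arguments` log selector are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the shape Exim writes when a local process
# (such as PHP mail()) runs the sendmail binary. Assumption: the "arguments"
# log selector is enabled, which is what produces the cwd= entries.
SAMPLE_LOG = """\
2014-05-07 10:00:01 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2014-05-07 10:00:02 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2014-05-07 10:00:03 cwd=/home/bob/public_html/blog 3 args: /usr/sbin/sendmail -t -i
2014-05-07 10:00:04 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-05-07 10:00:05 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2014-05-07 10:00:06 1Wi0Ab-0001aB-2C <= alice@host.example.test U=alice P=local S=612
"""

# timestamp, working directory, argument count, then the invoked program
CWD_LINE = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: (?P<prog>\S+)")
# Assumption: account home directories live under /home/<user>
HOME_DIR = re.compile(r"^/home/(?P<user>[^/]+)(?:/|$)")


def script_submissions(log_text):
    """Count sendmail-binary submissions per (account, working directory)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CWD_LINE.match(line)
        if not m or not m.group("prog").endswith("sendmail"):
            continue  # queue runs, SMTP deliveries and other log lines
        home = HOME_DIR.match(m.group("cwd"))
        if home:  # keep only directories that belong to a hosting account
            counts[(home.group("user"), m.group("cwd"))] += 1
    return counts


def over_threshold(counts, limit):
    """Return entries with more than `limit` submissions, busiest first."""
    return [(key, n) for key, n in counts.most_common() if n > limit]


if __name__ == "__main__":
    for (user, cwd), n in over_threshold(script_submissions(SAMPLE_LOG), 2):
        print(f"{user}\t{n}\t{cwd}")
```

The working directory points at the folder the sending script ran from, which is independent of whatever From: address the script supplied.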
     
  3. al_bozorgi

    al_bozorgi Member

    Thank you Michael, but I did all the policies described in the How to Prevent Email Abuse link and enabled
    "Scan outgoing messages for spam and reject based on SpamAssassin® internal spam_score setting"
    +
    set all to "EXPERIMENTAL: Rewrite From: header to match actual sender" in WHM Home » Service Configuration » Exim Configuration Manager.

    But that PHP code in post #1 can send email, and none of these policy settings can stop it.

    Did you test that PHP code in your CPanel?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, please see the following quote from my last response:

    The only way you can prevent this completely is if you disable sending out through PHP scripts without SMTP authentication.

    Thank you.
     