Rogue domains said to be pointing at my server and I can't find them

Discussion in 'Security' started by krusty, Dec 14, 2009.

  1. krusty

    I had a user's mail delivery failure email. Looked at it and we found we were on Spamhaus's SBL list. Wasn't a few days ago.

    Anyhow, the IPs were there and the domains weren't listed in cPanel, nor httpd.conf, nor named.conf...

    I did a traceroute and sure enough they were pointing to my server.

    A couple of the domains were starting in wowo, so I don't know if this is a well-known hack or what.

    My main concern is now to remove them ...
     
  2. BianchiDude

    Try:
    cat /etc/userdomains |grep domain

    Do you have this checked in WHM:
    Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)

    That will give you the full path of the script used to send the email.
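
The two checks suggested above can be scripted, shown here as an added example that is not part of either post and is not cPanel's own tooling: an exact lookup in an `/etc/userdomains`-style file, and a tally of the script recorded in each message's `X-Source-Args` header. It assumes the file holds `domain: user` lines and that each message is stored in its own file; every domain, account and path in the sample data is constructed.

```shell
#!/bin/sh
# Added example; every domain, account and path below is constructed sample data.

# domain_owner FILE DOMAIN: print the account owning DOMAIN in a file of
# "domain: user" lines (the /etc/userdomains layout), or UNLISTED.
# Exact, case-insensitive match, unlike a bare grep substring match.
domain_owner() {
    awk -F': *' -v d="$2" '
        tolower($1) == tolower(d) { print $2; found = 1; exit }
        END { if (!found) print "UNLISTED" }' "$1"
}

# x_source_summary FILE...: count messages per X-Source-Args value, busiest
# first. Only the header section is read, so body text cannot fake a hit.
x_source_summary() {
    for f in "$@"; do
        awk '
            tolower($0) ~ /^x-source-args:/ { sub(/^[^:]*:[ \t]*/, ""); print; found = 1; exit }
            /^$/ { exit }    # blank line: end of headers
            END { if (!found) print "(no X-Source-Args header)" }' "$f"
    done | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Constructed sample data so the script runs offline.
demo_dir=$(mktemp -d)
printf 'example.com: alice\nshop.example.net: bob\n' > "$demo_dir/userdomains"
for n in 1 2; do
    printf 'Subject: offer %s\nX-Source-Args: /usr/bin/php /home/bob/public_html/tmp/mailer.php\n\nhello\n' "$n" > "$demo_dir/msg$n"
done
printf 'Subject: note\n\nX-Source-Args: /usr/bin/php /home/alice/fake.php\n' > "$demo_dir/msg3"

for d in shop.example.net rogue.example; do
    printf '%s -> %s\n' "$d" "$(domain_owner "$demo_dir/userdomains" "$d")"
done
x_source_summary "$demo_dir"/msg*
```

A domain reported as UNLISTED is not configured under any account in that file, and a message counted under "(no X-Source-Args header)" did not carry the header in its header section.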
     