Somebody uses my server to spam

Kelmas

I believe somebody used my server to send spam. I see many messages in "View Relayers" to senders that I DID NOT SEND any e-mails. Account that is shown is one of my accounts and is default:

[email protected]

How can somebody spam through this? I changed my password but I don't think abusers could have accessed my cPanel's account main password.

Could somebody spam through some email script placed to cgi-bin by default? I deleted several from there (cgiecho, cgiemail, entropybanner.cgi, randhtml.cgi).

EDITED. I totally forgot the account is sending forum activation messages. That is why relayer is full of addresses I don't know :D
 

jameshsi

My server load went to 200 and I just found someone using my cgiemail to send emails. If you have any idea how to stop it, post here.
 

brianoz

What the last poster said :)

Plus, run phpsuexec. Set the max emails per account per hour to something low-ish like 250 and search for 'maxemails' here for details on how to lift the limit on a per-domain basis.

Install mod_security and add a good set of rules, in particular choose some that block attempts to Bcc in scripts.

Oh yes, and remove the cgiemail script! :cool:
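
The kind of check the mod_security suggestion above refers to, as an added example that is not part of the original thread and not a mod_security rule set: a Python filter that rejects form fields trying to smuggle a Bcc (or other) header into a mail script through line breaks. The field names and sample submissions are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Headers a spammer tries to smuggle into a single-line form field.
INJECTED_HEADER = re.compile(
    r"[\r\n]+[ \t]*(to|cc|bcc|content-type|mime-version|subject)[ \t]*:",
    re.IGNORECASE,
)
# Fields that end up in one mail header line, so they must never contain a line break.
SINGLE_LINE_FIELDS = {"name", "email", "subject"}  # hypothetical form field names


def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding (%250a -> %0a -> newline), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_form(fields):
    """Return a list of (field, reason) findings; an empty list means the form is clean."""
    findings = []
    for name, raw in fields.items():
        value = fully_decode(raw)
        match = INJECTED_HEADER.search(value)
        if match:
            findings.append((name, "injected %s header" % match.group(1).lower()))
        elif name in SINGLE_LINE_FIELDS and re.search(r"[\r\n]", value):
            findings.append((name, "line break in single-line field"))
    return findings


# Constructed sample submissions, not taken from any real log.
CLEAN = {"name": "Ann", "email": "ann@example.com", "message": "Hi,\nplease call me."}
RAW_BCC = {"name": "Ann", "email": "ann@example.com\r\nBcc: a@example.net, b@example.net"}
ENCODED = {"email": "ann@example.com%250aBcC:%20a@example.net", "subject": "hello"}
BARE_LF = {"subject": "hello\nworld", "message": "fine"}

if __name__ == "__main__":
    for form in (CLEAN, RAW_BCC, ENCODED, BARE_LF):
        print(check_form(form))
```

A multi-line message body that legitimately starts a line with "To:" or "Subject:" would also be flagged, so a filter like this is best applied to the fields a script copies into mail headers.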
 

jameshsi

> What the last poster said :)
>
> Plus, run phpsuexec. Set the max emails per account per hour to something low-ish like 250 and search for 'maxemails' here for details on how to lift the limit on a per-domain basis.
>
> Install mod_security and add a good set of rules, in particular choose some that block attempts to Bcc in scripts.
>
> Oh yes, and remove the cgiemail script! :cool:

Hi!
If you delete the cgiemail script, will cPanel install it when you upgrade your cPanel to the latest version?