Somebody uses my server to spam

Discussion in 'General Discussion' started by Kelmas, Jan 10, 2007.

  1. Kelmas

    Kelmas Well-Known Member

    I believe somebody used my server to send spam. I see many messages in "View Relayers" to senders that I DID NOT SEND any e-mails. Account that is shown is one of my accounts and is default:

    serverusername@hostname.domain.tld

    How can somebody spam through this? I changed my password but I don't think abusers could have accessed my cPanel's account main password.

    Could somebody spam through some email script placed to cgi-bin by default? I deleted several from there (cgiecho, cgiemail, entropybanner.cgi, randhtml.cgi).

    EDITED. I totally forgot the account is sending forum activation messages. That is why relayer is full of addresses I don't know :D
     
    #1 Kelmas, Jan 10, 2007
    Last edited: Jan 10, 2007
  2. jameshsi

    jameshsi Well-Known Member

    My server load went to 200 and I just found someone using my cgiemail to send emails. If you have any idea how to stop it, post here.
     
  3. Rafaelfpviana

    Rafaelfpviana Well-Known Member

  4. brianoz

    brianoz Well-Known Member

    What the last poster said :)

    Plus, run phpsuexec. Set the max emails per account per hour to something low-ish like 250 and search for 'maxemails' here for details on how to lift the limit on a per-domain basis.

    Install mod_security and add a good set of rules, in particular choose some that block attempts to Bcc in scripts.

    Oh yes, and remove the cgiemail script! :cool:
     
  5. jameshsi

    jameshsi Well-Known Member

    Hi!
    If you delete the cgiemail script, will cPanel install it when you upgrade your cPanel to the latest version?
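
An audit that fits the removal advice and the upgrade question in this thread, as an added example that is not part of any post or of cPanel's own tooling: it lists copies of the default cgi-bin scripts named in the first post, so the check can be rerun after each update. The `ROOT/<user>/public_html` layout and the function name are assumptions.

```shell
#!/bin/sh
# Added example: list copies of the default cgi-bin scripts named in this thread.
# Assumption: account docroots sit under ROOT/<user>/public_html (pass /home on
# a typical cPanel box); the function name is illustrative.

# File names taken from the first post.
SCRIPT_NAMES="cgiecho cgiemail entropybanner.cgi randhtml.cgi"

# find_default_cgi ROOT
# Prints "<state><TAB><path>" per match, where state says whether the file is
# executable for the user running the audit. Returns 2 if ROOT is not a directory.
find_default_cgi() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Build the find expression: -name cgiecho -o -name cgiemail -o ...
    set --
    for n in $SCRIPT_NAMES; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -name "$n"
    done
    # Only files below a cgi-bin directory are reported; the thread is about
    # the copies placed there by default.
    find "$root" -type f -path '*/cgi-bin/*' \( "$@" \) -print | sort |
    while IFS= read -r f; do
        if [ -x "$f" ]; then state=executable; else state=not-executable; fi
        printf '%s\t%s\n' "$state" "$f"
    done
}

# Run only when a root is given, e.g.:  sh audit_cgi.sh /home
if [ $# -gt 0 ]; then
    find_default_cgi "$1"
fi
```

An empty result means no copies of those four files were found under any cgi-bin directory below the given root.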
     