someone is spamming from my server.. ??

Discussion in 'General Discussion' started by Apexity, Oct 11, 2004.

  1. Apexity

    someone is using my server to send email.. not one of my customers.

    I looked, and there are about 13000+ emails in the queue.

    How can I stop this?

    -Vince

    :confused:
     
  2. ThaMATRiX

    if they are a customer, I'd suspend their account if that is against your tos/aup ;-)

    if not, secure your server quickly!
     
  3. Apexity

    I think I need to turn off nobody..

    not a customer..


    User      Domain    Messages Sent    Total Bytes Sent
    nobody              367705           1120875204


    I think I need to turn off nobody..

    how? any help?
     
  4. mac1981

    Script

    It's possible to make a PHP script [if you are allowing nobody to run PHP scripts]; the result will be a script running as nobody and sending spam mail.
    That's what I'm guessing =)
    Can be wrong but its always some new point of view...
    Good luck
    Mac
     
  5. Apexity

    I'm 99% sure it was php-nuke using a formmail version and loading a BCC with tons of emails..

    Also, cPanel support sent me a list of items to check:


    +++++++++++++++++++++++++++++++

    There are generally 3 possibilities that would enable someone you do not want to be able to send spam:

    1) they are sending it via a script on your server.

    2) they are sending it as an authenticated user (IE they have a user/pass to use) (possibly a user that has a virus that is sending via their mail client)

    3) your server is an open relay.

    You may need to tighten up your SMTP server, here is a check list:

    Run PHP as the user instead of nobody by enabling PHPSuExec at WHM->Software->Update Apache

    Prevent the user nobody from being able to send mail:
    WHM->Server Setup->Tweak Settings->Prevent the user 'nobody' from sending out mail to remote addresses

    Set WHM->Server Setup->Tweak Settings->Silently Discard all FormMail-clone requests with a bcc: header in the subject line

    Set WHM->Server Setup->Tweak Settings->The maximum each domain can send out per hour to something besides 0

    Set WHM->Server Setup->Tweak Settings->Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)

    Set WHM->Server Setup->Tweak Settings->Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)

    Set Service Configuration->Exim Configuration Editor->Always set the Sender: header when the sender is changed from the actual sender.

    Set Service Configuration->Exim Configuration Editor->Verify the existance of email senders

    Set Service Configuration->Exim Configuration Editor->System filter file to /etc/antivirus.exim

    Doing some or all of those will help make it difficult or impossible to use your server for spam without being authenticated. And it will leave a trail of what script/user etc it came from so you can stop it ASAP if it does happen.
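
Added example (not part of the thread or of cPanel's reply): one way to follow the trail the checklist describes, by tallying locally submitted messages per Unix user and sendmail calls per working directory in the Exim main log. The log lines are constructed samples, the `cwd=` lines assume Exim's argument logging is enabled, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed Exim main-log sample: hosts, paths and message IDs are made up.
sample_log() {
cat <<'EOF'
2004-10-11 03:12:44 cwd=/home/acct1/public_html/nuke 3 args: /usr/sbin/sendmail -t -i
2004-10-11 03:12:44 1CGaaa-0001Ab-7K <= nobody@host.example.com U=nobody P=local S=2311
2004-10-11 03:12:45 cwd=/home/acct1/public_html/nuke 3 args: /usr/sbin/sendmail -t -i
2004-10-11 03:12:45 1CGaab-0001Ac-9Q <= nobody@host.example.com U=nobody P=local S=2309
2004-10-11 03:12:46 cwd=/home/acct1/public_html/nuke 3 args: /usr/sbin/sendmail -t -i
2004-10-11 03:12:46 1CGaac-0001Ad-2M <= nobody@host.example.com U=nobody P=local S=2314
2004-10-11 03:13:02 cwd=/home/acct2/public_html/cgi-bin 3 args: /usr/sbin/sendmail -t -i
2004-10-11 03:13:02 1CGaad-0001Ae-5T <= acct2@host.example.com U=acct2 P=local S=812
2004-10-11 03:13:10 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2004-10-11 03:13:15 1CGaae-0001Af-8X <= alice@example.org H=client.example.org [198.51.100.7] P=esmtp S=1500
EOF
}

# Messages submitted locally (P=local), counted per Unix user (U=...).
# Mail arriving over SMTP carries H=... instead and is not counted.
local_senders() {
  awk '$4 == "<=" && / P=local( |$)/ {
         for (i = 5; i <= NF; i++) if ($i ~ /^U=/) n[substr($i, 3)]++
       }
       END { for (u in n) print n[u], u }' "$@" | sort -rn
}

# sendmail invocations counted per working directory (cwd=...); queue runs
# and other exim calls are skipped. Assumes paths without spaces.
sendmail_dirs() {
  awk '$3 ~ /^cwd=/ && /args:.*sendmail/ { n[substr($3, 5)]++ }
       END { for (d in n) print n[d], d }' "$@" | sort -rn
}

# With no file argument both functions read stdin, so the sample can be piped in.
sample_log | local_senders
sample_log | sendmail_dirs
```

A large count for `nobody` paired with a single web directory points at the script to disable; once PHP and CGI run as the account owner, the same tally names the account instead.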
     