Spam issue in Centos 5.2 Server

Discussion in 'E-mail Discussion' started by inertz, Apr 30, 2009.

  1. inertz

    inertz Member

    Nov 24, 2006
    Oklahoma City, Oklahoma, United States
    Recently one of my servers has had a SPAM issue.

    I suspect it is due to a CGI script, because the script causes high load and all of a sudden there is a lot of SPAM email going out from the server. From the email source, I cannot determine where the email comes from, but for sure it is from the server IP.

    The command line trace from WHM is:

    /usr/bin/perl -w ./check.cgi

    Using grep and locate, I cannot find the file.

    Hope somebody can help.
  2. mtindor

    mtindor Well-Known Member

    Sep 14, 2004
    inside a catfish
    cPanel Access Level:
    Root Administrator
    locate check.cgi

    find / -name check.cgi

    That should help you locate it. If the script is sending mail out via a connection to Exim, you should be able to see references to the script in /var/log/exim_mainlog IF you have the appropriate Exim logging turned on:

    In WHM / Exim Configuration Editor / Advanced Editor
    - in the first box, you should have:

    log_selector = +arguments +subject

    If it is direct spam to the recipient mailservers bypassing Exim (using a Perl library to talk directly to the remote server), then it's more difficult to track down. This is where a firewall such as CSF would help you since you could set it so that outbound SMTP connections can't be made by regular users.

    There is a lot more involved than this, but this is just a brief starter.

    Hopefully someone else will chime in with other ideas on how to find the file / identify how the site or server was exploited (insecure PHP script, FTP access, etc).

  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Nov 29, 2006
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The SMTP Tweak in WHM's Security Center can also disable this. I recommend reviewing the options available in the Security Center if you are concerned about the security of your server.
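
The log check mtindor describes, as an added example that is not part of the original thread: with `log_selector = +arguments` set, Exim records the working directory of every local process that invokes it, so counting those directories in /var/log/exim_mainlog points at the folder holding the sending script. The function names, users and paths in the sample log are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: rank the directories from which local processes invoked Exim.
# Needs "log_selector = +arguments", which makes Exim log lines such as:
#   2009-04-30 10:15:01 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i

top_mail_cwds() {
    # $1 = Exim main log, $2 = number of directories to show (default 10)
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^cwd=/) {
                    dir = substr($i, 5)
                    # Exim queue runners and delivery processes start in the
                    # spool directory; they are not the submitting script.
                    if (dir !~ /^\/var\/spool\//) count[dir]++
                    next
                }
            }
        }
        END { for (d in count) printf "%d %s\n", count[d], d }
    ' "$1" | sort -rn | head -n "${2:-10}"
}

write_sample_log() {
    # Constructed log lines (hypothetical users and paths), written to $1.
    cat > "$1" <<'EOF'
2009-04-30 10:15:01 cwd=/home/exampleuser/public_html/cgi-bin 3 args: /usr/sbin/sendmail -t -i
2009-04-30 10:15:01 1LzXyZ-0001aB-2c <= exampleuser@host.example.com U=exampleuser P=local S=1024 T="Hello"
2009-04-30 10:15:02 cwd=/home/exampleuser/public_html/cgi-bin 3 args: /usr/sbin/sendmail -t -i
2009-04-30 10:15:03 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1LzXyZ-0001aB-2c
2009-04-30 10:16:00 cwd=/home/otheruser/public_html 3 args: /usr/sbin/sendmail -t -i
2009-04-30 10:16:05 cwd=/home/exampleuser/public_html/cgi-bin 3 args: /usr/sbin/sendmail -t -i
EOF
}

# With no argument, run against the constructed sample; otherwise against $1.
if [ -n "${1:-}" ]; then
    top_mail_cwds "$1"
else
    sample=$(mktemp)
    write_sample_log "$sample"
    top_mail_cwds "$sample"
    rm -f "$sample"
fi
```

This only covers mail handed to Exim locally; a script that opens its own SMTP connections to remote servers leaves no `cwd=` line, which is the case the outbound SMTP restrictions mentioned above address. Directory names containing spaces are cut at the first space.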
