
Spam Mailing scripts

Discussion in 'E-mail Discussions' started by crazyaboutlinux, Apr 20, 2009.

  1. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Hi guys,

    Probably all you guys are aware of the spam scripts, e.g. dm.cgi, hnc.cgi.

    I have just found dm.cgi (dark mailer script) on my server, but I am not sure whether this script is currently running or not.

    So how can I make sure whether this script is running or not, and if it is running, how do I stop it?

    Also, I want a list of spam scripts so that I can monitor them.

    Thanks!

    Nilesh
     
  2. crazyaboutlinux

    Still no reply

    Hello,

    Is there anyone at the cPanel forum who can help with this?
     
  3. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    ps auxw |grep dm.cgi

    will let you know if it is running. 'ls -al /proc/PID' for this script will let you know the location where it is running. You can also run 'updatedb' and 'locate dm.cgi'.
    Enable SMTP Tweak from "WHM >> Security Center", and if you are running SuPHP/Suexec, check this option in WHM >> Tweak Settings: "Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)"
    These and active monitoring of your server will help you reduce spam generation from your server.
     
    #3 JawadArshad, Apr 22, 2009
    Last edited: Apr 22, 2009
  4. crazyaboutlinux

    # ps auxw |grep dm.cgi

    Result >> root 6613 0.0 0.0 3912 668 pts/0 S+ 10:54 0:00 grep dm.cgi

    # locate dm.cgi

    result >> /home/tarangi/public_html/cgi-bin/dm.cgi
    /home/telemed/1public_html/cgi-bin/dm.cgi

    Is it running?
     
  5. JawadArshad

    It doesn't seem to be running. You can ask your two users 'tarangi' & 'telemed' whether they intentionally placed these scripts. You can disable them anytime as root and render them immutable.
     
  6. crazyaboutlinux

    How could you guess?

    How can I disable this?
     
  7. JawadArshad

    ps auxw usually shows multiple incidents; however, you need to check logs and actively monitor your server via the top and ps commands to be sure.

    Find the location of dm.cgi and cd to that folder.

    chown root:root dm.cgi
    chmod 000 dm.cgi
    chattr +i dm.cgi

    This way cPanel users will not be able to modify this script. The last command will make the file immutable; to make it modifiable again, run

    chattr -i dm.cgi

    Do also enable the other two tweaks provided by cPanel, which are very effective in reducing/eliminating spam generation on cPanel servers.
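
The `ps auxw |grep dm.cgi` output posted in the thread contains a single row, and that row is the grep process itself. The following is an added example, not code from any poster in the thread, that performs the same check while discarding the searching process and then shows each hit's working directory via /proc/PID/cwd. The function names `filter_ps` and `report` are hypothetical, and the second row of the sample is constructed.

```shell
#!/bin/sh
# Added example: decide whether a named script is really running, without
# being fooled by the grep process that is doing the search.

# filter_ps NAME: read `ps auxw` text on stdin and print "PID USER COMMAND"
# for processes whose command line mentions NAME, skipping grep and pgrep.
filter_ps() {
    awk -v name="$1" '
        NR == 1 && $1 == "USER" { next }             # header row
        {
            cmd = ""
            for (i = 11; i <= NF; i++) cmd = cmd (i > 11 ? " " : "") $i
            if (index(cmd, name) == 0) next          # literal match, no regex
            if ($11 ~ /(^|\/)(grep|egrep|fgrep|pgrep)$/) next
            print $2, $1, cmd
        }'
}

# report NAME: run against the live process table and show where each hit lives.
report() {
    ps auxw | filter_ps "$1" | while read -r pid user cmd; do
        echo "RUNNING pid=$pid user=$user cmd=$cmd"
        # /proc/PID/cwd is the directory the process was started from
        ls -l "/proc/$pid/cwd" 2>/dev/null || true
    done
}

# Constructed sample: the grep row is the output posted in the thread, the
# "nobody" row is made up to show what a live instance would look like.
SAMPLE='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      6613  0.0  0.0   3912   668 pts/0    S+   10:54   0:00 grep dm.cgi
nobody    7021  1.2  0.3  10240  4100 ?        S    10:50   0:07 /usr/bin/perl dm.cgi'

# Usage: sh check.sh --live dm.cgi
if [ "${1:-}" = "--live" ]; then report "${2:-dm.cgi}"; fi
```

An empty result from `filter_ps` only says that nothing with that name is running at that instant, so a CGI mailer that runs briefly per request can still be missed between checks.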
     