The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spamer crash the server

Discussion in 'General Discussion' started by wimp, Mar 18, 2006.

  1. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    hello,
    i have a spamer that use my server to send e-mails. Twice a day he send hundereds of mails using my server. What i can see is that he is using sendmail as nobody (99) I already disable the the sendmail fro nobody in WHM but he is sending still e-mails. Also when this happens the server load goes un to 250. Also i will be soon in the blacklist around the world.
    Going to look at the maillog i see somethig very ver strange:
    The host that connects to those pop3 account is in some way related to MY own IP address!
    The IP: 000.000.000.000 Is my IP address from my PC i am curently working.
    I never connect to those account (this are accounts from my resellers.. i didnt know they e-mail address exists on the server!
    Alos if i going to see the CPUsage in WHM i can see this:
    /usr/bin/perl -w /etc/log.d/scripts/shared/multiservice sendmail,sm-mta

    is there anyone who can give me some tips to fix this spamer abuse?


    Thanks!!!


    Mar 19 00:34:39 servername cpanelpop[27960]: Login host=11.11.11.11 ip=000.000.000.000 user=anuser@anaccount.com re$
    Mar 19 00:34:39 servername cpanelpop[27960]: Login host=11.11.11.11 ip=000.000.000.000 user=anuser@anaccount.com re$
    Mar 19 00:34:39 servername cpanelpop[27960]: Login host=11.11.11.11 ip=000.000.000.000 user=anuser@anaccount.com re$
    Mar 19 00:34:39 servername cpanelpop[27960]: Login host=11.11.11.11 ip=000.000.000.000 user=anuser@anaccount.com re$
    Mar 19 00:34:42 servername cpanelpop[27958]: Session Closed host=555.555.555.555 ip=000.000.000.000 user=anotheruser@anotheraccount.com realuser=$
    Mar 19 00:34:42 servername cpanelpop[27958]: Session Closed host=555.555.555.555 ip=000.000.000.000 user=anotheruser@anotheraccount.com realuser=$
    Mar 19 00:34:42 servername cpanelpop[27958]: Session Closed host=555.555.555.555 ip=000.000.000.000 user=anotheruser@anotheraccount.com realuser=$
    Mar 19 00:34:42 servername cpanelpop[27958]: Session Closed host=555.555.555.555 ip=000.000.000.000 user=anotheruser@anotheraccount.com realuser=$
    Mar 19 00:34:43 servername cpanelpop[27960]: Session Closed host=11.11.11.11 ip=000.000.000.000 user=anuser@anotheraccount.net$
    Mar 19 00:34:43 servername cpanelpop[27960]: Session Closed host=11.11.11.11 ip=000.000.000.000 user=anuser@anotheraccount.net$
    Mar 19 00:34:43 servername cpanelpop[27960]: Session Closed host=11.11.11.11 ip=000.000.000.000 user=anuser@anotheraccount.net$
    Mar 19 00:34:43 servername cpanelpop[27960]: Session Closed host=11.11.11.11 ip=000.000.000.000 user=anuser@anotheraccount.net$
     
    #1 wimp, Mar 18, 2006
    Last edited: Mar 18, 2006
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    You can search these forum since many people have had the same problem with SPAM originated from their own servers. The only possible way to stop this SPAM is finding the script used to deliver thier messages.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
Loading...

Share This Page