The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spamer on Server Help !

Discussion in 'General Discussion' started by wimp, Feb 5, 2003.

  1. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    hi,
    i have a spamer on a server who send tons of e-mails around the world.
    Is there a way to know what account send this spam using the message ID ? Have no other infos about message exept the message ID and I now that a lot of messagges comes back to my server by message delivery:
    Return-path: &nobody@my-servername.net&
    Received: from nobody by my-servername.net with local (Exim 3.36 #1)

    PS:
    suexe is disable on server


    Thanks for help
     
  2. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    Please can anybody bige me a tip how to solve this problem??

    thanks
     
  3. SprintSlash

    SprintSlash Well-Known Member

    Joined:
    Jan 18, 2003
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    16
    Did you try to check the Mail Statistics in WHM?
     
  4. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    yes but since the refer is nobody@my-server.com there is no way to check who user sent mails....
     
  5. icehosting

    icehosting Well-Known Member

    Joined:
    Dec 22, 2002
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    i can help you to find the spammers.
    If you are interest send to my email, your ICQ or YIM ID and i contact you.
    Christos
     
  6. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    &icehosting& how can i contact you ??
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Click on his profile and send him an e-mail.
     
  8. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    &icehosting& i sent you a privat MS but no replay from you.

    Anyway. Found the spamer (they using a . cgi script) and block it.


    By
     
  9. FijianTribe

    FijianTribe Well-Known Member

    Joined:
    Jan 30, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    WImp:

    Would you mind posting what you did to find the spammers script?
     
  10. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    16
    Hi,
    they use a .cgi based mailing List called RobMail

    You can do a search with google to see how Rob Mail works

    bye
     
  11. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Fremont CA
    Check out SpamStopper @ http://webhostingbilling.com/

    SpamStopper will monitor outgoing emails using sendmail and will limit XXX emails being sent in XXX minutes

    and if a user goes over, it will send a detailed email to the admin
     
  12. icehosting

    icehosting Well-Known Member

    Joined:
    Dec 22, 2002
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    sorry but i forgot to check my PM.
    If you continew to have problems contact me.
    Regards,
    Christos
     
  13. jcsolutions

    jcsolutions Well-Known Member

    Joined:
    Nov 4, 2002
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Spammer problem

    I am having the same problem as "wimp" mentioned above. Over the last few days, someone has been sending a lot of spam from my server and I can't tell who/where it's coming from.

    I've tested my server at http://ordb.org for an open relay. The results came back negative... no relaying permitted.

    I'm running:
    Cpanel 5.3.0-R117
    Exim 3.36 #1
    SuExec is enabled.

    Spam email details:
    auth_id = nobody
    auth_sender = nobody@host.myserver.com

    I currently have only 75 users on the server.
    My mail stats don't help, as "nobody" is the sender.

    I've read all I could find on "spam" in these forums. Unfortunately, none of it helped. Any information or ideas would be greatly appreciated!
     
  14. jcsolutions

    jcsolutions Well-Known Member

    Joined:
    Nov 4, 2002
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    I would, unfortunately v6 doesn't have a RELEASE build for linux yet, let alone a STABLE build. I'd prefer to stick with the STABLE builds if possible as I am still fairly new to WHM and Cpanel.
     
  15. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    If I disable nobody from sending mail, won't it prevent valid CGI scripts from sending e-mail too ???

    Just a stupid question...
     
  16. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    one small tip:

    Open WHM, click to "Change where system mail goes" and set "Nobody" email redirection to your own POP3 account. Spam lists have a lot of fake email addresses, so you will receive this spam to your account and track m***r down.
     
  17. InternetNut

    InternetNut Member

    Joined:
    Jan 17, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    How does SpamStopper differ from the new features in Cpanel 6.

    Thanks,

    Darrell
     
  18. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Fremont CA
    I havent had to much success with that feature in Cpanel, and i cant honestly tell you if it only monitors SMTP or it monitors sendmail as well.

    I tested it multiple times and I am running into quite a bit of issues, such as "no route to host" and worst, it doesnt tell you what or who its stopping. I had to disable it on most of our servers. I was under the impression that it only monitors SMTP usage

    Our script on the other hand monitors Sendmail and will email you when a user reachs such limits.

    I also tested the feature in WHM many times, and I was able to continue to send out emails with both SMTP and a basic formmail script (i had set it to 1 per hour...i tired sendmail, was able to send 20 and it didnt look like it was going to stop anytime soon)

    I also noticed, with the WHM feature, emails to say www-hosting.net WOULD go though, yahoo WOULD go though, then i tired setting up bugzilla, set my admin email to admin@webhostingbilling.com, thats when i got the "no route to host" issue. No one was any help...nick being as busy as he is, couldnt help, so that was that, even after i disabled it, i ended up having to reboot the machine for the changes to take.......alot of other users were having problems as well, i had set the limit to something like 200, yet i know for a fact that there was no way i send out 200 emails an hour from WHN's primary url, neither does 99% of my customers!

    The problems with the WHM script gave me an ulcer after i figured it may have been the root of my problems :(
     
    #18 AlaskanWolf, Mar 2, 2003
    Last edited: Mar 2, 2003
  19. cch

    cch Member

    Joined:
    Mar 24, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1

    How do you check which script send out spam?

    thanks
     
  20. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Just look at apache status in WHM and you will see the cgi script being used and what domain is sending it.
     
Loading...

Share This Page