Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spamer on Server Help !

Discussion in 'General Discussion' started by wimp, Feb 5, 2003.

  1. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    166
    hi,
    i have a spamer on a server who send tons of e-mails around the world.
    Is there a way to know what account send this spam using the message ID ? Have no other infos about message exept the message ID and I now that a lot of messagges comes back to my server by message delivery:
    Return-path: &nobody@my-servername.net&
    Received: from nobody by my-servername.net with local (Exim 3.36 #1)

    PS:
    suexe is disable on server


    Thanks for help
     
  2. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    166
    Please can anybody bige me a tip how to solve this problem??

    thanks
     
  3. SprintSlash

    SprintSlash Well-Known Member

    Joined:
    Jan 18, 2003
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    166
    Did you try to check the Mail Statistics in WHM?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    166
    yes but since the refer is nobody@my-server.com there is no way to check who user sent mails....
     
  5. icehosting

    icehosting Well-Known Member

    Joined:
    Dec 22, 2002
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    156
    Hi,
    i can help you to find the spammers.
    If you are interest send to my email, your ICQ or YIM ID and i contact you.
    Christos
     
  6. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    166
    &icehosting& how can i contact you ??
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    191
    Click on his profile and send him an e-mail.
     
  8. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    166
    &icehosting& i sent you a privat MS but no replay from you.

    Anyway. Found the spamer (they using a . cgi script) and block it.


    By
     
  9. FijianTribe

    FijianTribe Well-Known Member

    Joined:
    Jan 30, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    WImp:

    Would you mind posting what you did to find the spammers script?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. wimp

    wimp Well-Known Member

    Joined:
    Jul 13, 2002
    Messages:
    301
    Likes Received:
    0
    Trophy Points:
    166
    Hi,
    they use a .cgi based mailing List called RobMail

    You can do a search with google to see how Rob Mail works

    bye
     
  11. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    316
    Location:
    Fremont CA
    Check out SpamStopper @ http://webhostingbilling.com/

    SpamStopper will monitor outgoing emails using sendmail and will limit XXX emails being sent in XXX minutes

    and if a user goes over, it will send a detailed email to the admin
     
  12. icehosting

    icehosting Well-Known Member

    Joined:
    Dec 22, 2002
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    156
    Hi,
    sorry but i forgot to check my PM.
    If you continew to have problems contact me.
    Regards,
    Christos
     
  13. jcsolutions

    jcsolutions Well-Known Member

    Joined:
    Nov 4, 2002
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    Spammer problem

    I am having the same problem as "wimp" mentioned above. Over the last few days, someone has been sending a lot of spam from my server and I can't tell who/where it's coming from.

    I've tested my server at http://ordb.org for an open relay. The results came back negative... no relaying permitted.

    I'm running:
    Cpanel 5.3.0-R117
    Exim 3.36 #1
    SuExec is enabled.

    Spam email details:
    auth_id = nobody
    auth_sender = nobody@host.myserver.com

    I currently have only 75 users on the server.
    My mail stats don't help, as "nobody" is the sender.

    I've read all I could find on "spam" in these forums. Unfortunately, none of it helped. Any information or ideas would be greatly appreciated!
     
  14. jcsolutions

    jcsolutions Well-Known Member

    Joined:
    Nov 4, 2002
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    I would, unfortunately v6 doesn't have a RELEASE build for linux yet, let alone a STABLE build. I'd prefer to stick with the STABLE builds if possible as I am still fairly new to WHM and Cpanel.
     
  15. mpierre

    mpierre Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    166
    If I disable nobody from sending mail, won't it prevent valid CGI scripts from sending e-mail too ???

    Just a stupid question...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. H2Hosting.com

    H2Hosting.com Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    316
    one small tip:

    Open WHM, click to "Change where system mail goes" and set "Nobody" email redirection to your own POP3 account. Spam lists have a lot of fake email addresses, so you will receive this spam to your account and track m***r down.
     
  17. InternetNut

    InternetNut Member

    Joined:
    Jan 17, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    151
    How does SpamStopper differ from the new features in Cpanel 6.

    Thanks,

    Darrell
     
  18. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    316
    Location:
    Fremont CA
    I havent had to much success with that feature in Cpanel, and i cant honestly tell you if it only monitors SMTP or it monitors sendmail as well.

    I tested it multiple times and I am running into quite a bit of issues, such as "no route to host" and worst, it doesnt tell you what or who its stopping. I had to disable it on most of our servers. I was under the impression that it only monitors SMTP usage

    Our script on the other hand monitors Sendmail and will email you when a user reachs such limits.

    I also tested the feature in WHM many times, and I was able to continue to send out emails with both SMTP and a basic formmail script (i had set it to 1 per hour...i tired sendmail, was able to send 20 and it didnt look like it was going to stop anytime soon)

    I also noticed, with the WHM feature, emails to say www-hosting.net WOULD go though, yahoo WOULD go though, then i tired setting up bugzilla, set my admin email to admin@webhostingbilling.com, thats when i got the "no route to host" issue. No one was any help...nick being as busy as he is, couldnt help, so that was that, even after i disabled it, i ended up having to reboot the machine for the changes to take.......alot of other users were having problems as well, i had set the limit to something like 200, yet i know for a fact that there was no way i send out 200 emails an hour from WHN's primary url, neither does 99% of my customers!

    The problems with the WHM script gave me an ulcer after i figured it may have been the root of my problems :(
     
    #18 AlaskanWolf, Mar 2, 2003
    Last edited: Mar 2, 2003
  19. cch

    cch Member

    Joined:
    Mar 24, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    151

    How do you check which script send out spam?

    thanks
     
  20. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    166
    Just look at apache status in WHM and you will see the cgi script being used and what domain is sending it.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice