The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spammer Taking Server Over

Discussion in 'Workarounds and Optimization' started by leec, Jul 13, 2004.

  1. leec

    leec Active Member

    Joined:
    Aug 19, 2002
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Cant get this I tried to look through mainlog and maillog but nothing showing up in these ips
    I have three of these

     
  2. leec

    leec Active Member

    Joined:
    Aug 19, 2002
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    gee guess ill reply to my own post.

    Is there a way to make it so only domains listed on my server can send email out?
     
  3. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    this must be a program running that is generating the messages. You need to stop each major services like exim, http etc.. and take a look at the running processes. Seems like the spammer is within your server and has a domain in your server and is running a cgi in the name of the process that usually runs.

    do try it and let me know !
     
  4. leec

    leec Active Member

    Joined:
    Aug 19, 2002
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    ok i dont see anything thats not running unusual is there a way to past history of processes
     
  5. GOT

    GOT Get Proactive!

    Joined:
    Apr 8, 2003
    Messages:
    900
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Norfolk, VA
    cPanel Access Level:
    DataCenter Provider
    Tracking down a spammer can take a long time and can be quite tedious.

    The first thing I would do is go into the tweak settings and turn on both optinos to add an x header tracing the origins of messages. This will give you the file that generates the message added as a tag in the mail message which will tell you whose account sent it.

    You can also view your relayers, if they are stupid enough to be sending it via exim instead of a script, this will reveal whom it is. If 'nobody' has a huge number, then it is begin generated by a script.

    If you would like some help with this, feel free to contact me directly.

    Jon
     
Loading...
Similar Threads - Spammer Taking Server
  1. Ayodeji Ibrahim
    Replies:
    5
    Views:
    1,234

Share This Page