Spammer using server to send? Getting tons of bounces to catch-all

ryno267

Well-Known Member
Mar 3, 2004
Chandler, AZ
cPanel Access Level
Root Administrator
I got a few hundred emails through our catch-all (I think they all went to [email protected]) and all were random crap like bounced messages from other domains and emails that I THINK were originally sent using our domain as the sender - explaining why all the unknown emails bounced back to us...

The subjects ranged from:

Delivery Status Notification (Failure)
Undelivered Mail Returned to Sender
Unable to deliver your message
Returned mail: see transcript for details

etc etc - the list goes on....


I noticed most of them included the original message (below) sent from that [email protected]:
SUBJECT: Surprise Her!
BODY:
Viagra

Best prices, best shipping!

Get it here <http://dgefhabcjlm.greenbozo.info/?ikabcjlmxssrydgzgvefh>

Now when I check out my cPanel mail stats this is what I see....
Top 50 sending hosts by message count
-------------------------------------
685 38MB local


Top 50 sending hosts by volume
------------------------------
685 38MB local
16 10MB 63-224-146-137.phnx.qwest.net


Top 50 local senders by message count
-------------------------------------
464 32MB myusername

Top 50 host destinations by volume
----------------------------------
2117 101MB local
Now I've already made our catch-all go to :fail: for now at least, but I want to make sure that nobody is using our server or a webform or anything to send this crap. How do I know how they did this and how do I eliminate this from happening again?
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
Minneapolis, MN
Although this problem was covered hundreds of times in these forums, you need to find out the script used to send out SPAM throughout your server. Clean up, and then you can apply several security patches that can be found in these forums as well.
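
Added example, not part of either post above: one way to check whether a script on the server is handing mail to Exim, or whether the server is only receiving bounces for mail forged elsewhere with its domain as sender. It assumes the Exim main log (on cPanel, /var/log/exim_mainlog) records `cwd=` lines, which requires `+arguments` in `log_selector`; the sample log lines, users, paths and hosts are constructed.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format (on cPanel: /var/log/exim_mainlog).
# Users, paths, hosts and message ids are invented for illustration.
SAMPLE_LOG = """\
2004-06-01 03:10:01 cwd=/home/myusername/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2004-06-01 03:10:01 1BVaaa-0001Xy-AB <= nobody@server.example U=nobody P=local S=1832
2004-06-01 03:10:02 cwd=/home/myusername/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2004-06-01 03:10:02 1BVaab-0001Xz-CD <= nobody@server.example U=nobody P=local S=1840
2004-06-01 03:10:05 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1BVaaa-0001Xy-AB
2004-06-01 03:11:40 1BVaac-0001Y0-EF <= <> H=mx.remote.example [192.0.2.10] P=esmtp S=4021
2004-06-01 03:11:52 cwd=/home/otheruser 2 args: /usr/sbin/sendmail -t
2004-06-01 03:11:52 1BVaad-0001Y1-GH <= otheruser@server.example U=otheruser P=local S=910
"""

CWD_RE = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: (\S+)")
ARRIVAL_RE = re.compile(r"^\S+ \S+ \S+ <= (\S+) .*\bP=(\S+)")

def submission_dirs(log_text):
    """Count working directories of processes that handed mail to the MTA."""
    dirs = Counter()
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        # Skip Exim's own queue runners and deliveries, which run from the spool.
        if m and not m.group(1).startswith("/var/spool"):
            dirs[m.group(1)] += 1
    return dirs

def arrival_summary(log_text):
    """Split accepted messages into local submissions and inbound bounces."""
    summary = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL_RE.match(line)
        if not m:
            continue
        sender, proto = m.groups()
        if proto == "local":
            summary["local_submission"] += 1
        elif sender == "<>":
            summary["remote_bounce"] += 1  # null sender: a DSN from another host
        else:
            summary["remote_other"] += 1
    return summary

if __name__ == "__main__":
    for path, n in submission_dirs(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {path}")
    print(dict(arrival_summary(SAMPLE_LOG)))
```

A directory under a site's document root with a high count points at the script to inspect; a log dominated by `remote_bounce` entries with few local submissions is consistent with forged-sender backscatter rather than mail sent from the server.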