The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spammers attacking server, very high load

Discussion in 'General Discussion' started by orudge, Feb 20, 2005.

  1. orudge

    orudge Member

    Joined:
    Oct 31, 2004
    Messages:
    14
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    United Kingdom
    Hi,

    I recently moved a site to my server which receives a lot of spam - some 1,000-2,000 messages a day - to random addresses, the vast majority of which don't exist. I have set up a few forwarders for genuine addresses, and told any other mail to go to :blackhole: which, in principle, is all good and well, except at times, load skyrockets due to many, many exim processes - often to over 200 immediate load - and brings the servers to its knees (like just this very minute, for instance). This is obviously not particularly useful. Someone suggested to me cutting off the spammers as soon as exim realises that it's talking to a spammer, rather than accepting and delivering the mail (as that makes the spammer think he has a genuine address). Could someone tell me how to do that with CPanel/WHM, and what changes need to be made to configuration files?

    Many thanks, this problem is causing much irritation to my clients as you can imagine.
     
    #1 orudge, Feb 20, 2005
    Last edited: Feb 20, 2005
  2. dave9000

    dave9000 Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    891
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    arkansas
    cPanel Access Level:
    Root Administrator
    `There are many examples and this has been discussed many times already.

    Search is your friend on this
     
  3. orudge

    orudge Member

    Joined:
    Oct 31, 2004
    Messages:
    14
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    United Kingdom
    Ah, yes, sorry about that... I run a forum myself, and am always telling people to search, and here's me not doing so myself! Have found the search button now, thanks. ;)
     
  4. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA

    use :fail: not blackhole.
     
  5. orudge

    orudge Member

    Joined:
    Oct 31, 2004
    Messages:
    14
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    United Kingdom
    I used the dictionary attack script here and changed it to :fail: (as I originally thought :fail: bounced the e-mail back with a failure message, hence my lack of desire to use it), and things have been fine. Thanks. :)
     

Share This Page