The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spammers caught?

Discussion in 'General Discussion' started by web12, Dec 18, 2002.

  1. web12

    web12 Well-Known Member

    Joined:
    Nov 20, 2002
    Messages:
    240
    Likes Received:
    0
    Trophy Points:
    16
    Just wanted to know, i have seen a massive increase in mail being sent from the server this last week, and then (perhaps unsurprisingly) i got a complaint of spam originating from this particular server.

    Looking through the complaints, they seem to be very similar and state they are coming from dave@themail.us which is definitely not an account on my server... so digging through the exim logs i found this...
    ------------------------------------------------------------
    2002-12-13 10:45:25 18Ms0C-0000Au-00 Completed
    2002-12-13 10:45:25 18Ms0D-0000Az-00 &= daveo@themail.us H=(trish) [207.13.165.17] P=asmtp A=fixed_login:dave@less.us S=1626
    2002-12-13 10:45:25 18Ms0D-0000B0-00 &= daveo@themail.us H=(trish) [207.13.165.17] P=asmtp A=fixed_login:dave@less.us S=1620
    2002-12-13 10:45:25 18Ms09-0000Ag-00 =& info@effectuality.com R=lookuphost T=remote_smtp H=mail.effectuality.com [66.70.99.202]
    2002-12-13 10:45:25 18Ms09-0000Ag-00 Completed
    --------------------------------------------------------------
    The less.us is an account on this server, so would you say that is where it is originating?

    Strange as there is nothing in the account at all... i went looking for a cgi script, but there are no proggys there at all.

    Just wanted to confirm before i suspend this account.

    thanks
     
  2. mrprez

    mrprez Well-Known Member

    Joined:
    Jun 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    16
    Sounds typical. Spammers aren't interested in the webspace, all they are interested in is access to sendmail or SMTP. They have the mail program running on their computer.

    Looks like you got him.

    I hope you have a spam clause in your AUP so you can charge his butt $500 for each incident.

    John
     
  3. web12

    web12 Well-Known Member

    Joined:
    Nov 20, 2002
    Messages:
    240
    Likes Received:
    0
    Trophy Points:
    16
    Unfortunately, it wasnt my client, it was a resellers.

    But still glad that headache is over
     
  4. netarus

    netarus Well-Known Member

    Joined:
    Oct 27, 2002
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    16
    Speaking of this topic, anyone recommend a good checklist of logs to check out occassionally? We basically monitor the core stuff within Cpanel, however, what else is there to view and skim for?

    (i.e. DOS Attacks, etc.)
     
Loading...

Share This Page