
This user is spamming !!! I need to block it !!

Discussion in 'General Discussion' started by atul, Aug 7, 2004.

  1. atul

    Hello ALL,
    Today I found that the user kleen on my server is spamming.
    Here are some of the entries from the exim_mainlog file.
    There are thousands of such entries.

    2004-08-01 04:34:27 1BrDff-0004cY-Ep => kleen <ingram@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:39 1BrDgo-0004d2-7K => kleen <ford@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:40 1BrDgq-0004d9-1w => kleen <williamson@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:43 1BrDgs-0004d4-5u => kleen <knight@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:43 1BrDgs-0004d2-Nb => kleen <jordan@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:46 1BrDgv-0004dT-JZ => kleen <guzman@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:47 1BrDgw-0004d9-I1 => kleen <bishop@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:50 1BrDgz-0004d4-IR => kleen <matthews@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:50 1BrDh0-0004d9-4q => kleen <stanley@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:53 1BrDh1-0004dg-Q3 => kleen <strickland@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:53 1BrDgz-0004d2-Iy => kleen <mcdonald@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:54 1BrDh2-0004dU-QV => kleen <fleming@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:54 1BrDh3-0004d2-Jc => kleen <hunter@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:54 1BrDh4-0004d4-0D => kleen <lane@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:55 1BrDh4-0004dT-74 => kleen <leonard@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:58 1BrDh7-0004d2-8X => kleen <mason@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:58 1BrDh7-0004d9-DW => kleen <reid@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:35:58 1BrDh7-0004d4-Ry => kleen <armstrong@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:36:02 1BrDhB-0004dg-1Y => kleen <goodman@kleen.com> R=localuser T=local_delivery
    2004-08-01 04:36:02 1BrDhA-0004dT-SS => kleen <baldwin@kleen.com> R=localuser T=local_delivery

    I have checked that demo mode is disabled for this user...
    How do I disable it? We have an RHE3 server with WHM 9.4.
    Thank you
     
  2. lostinspace

    If it's a user on your machine how bout you KILL HIS ACCOUNT?
     
  3. atul

    Hello,
    Yes, the user has an account on my server!! He has the domain hosted!!!
    But I don't think it is a good solution personally!!!
    What else can be done?
     
  4. dave9000

    how about Violation of our Terms Of Service, your account is now cancelled

    This method works pretty good

    other than that you can go into tweak settings and set the max mails sent per hr to a low number provided he doesn't bypass that with his own smtp server
     
  5. dgbaker

    Not a good solution??? The guy is a spammer! He deserves to have his account terminated.

    If all hosting companies took a zero tolerance policy then we would have fewer spammers out there. But I guess to some money is more important.

    Remember spammers also hurt you as it is your IPs that end up getting blacklisted, your reputation that gets tarnished, and your other legit customers getting hurt as well.

    You need to make a choice. Money and keep the spammer or Fight the good fight and get rid of the spammer.
     
  6. peddler

    You're joking, right? Just delete the account and feel real good about doing it!!!!
     
  7. lostinspace

    Good luck when trying to get your server un-blacklisted
     
  8. dave9000

    Some folks have to learn the hard way

    And I agree he will play hell getting his server off the blacklists

    We got hit by the formmail spam hole a coupla yrs ago and it took a while to get un-blacklisted
     
  9. lostinspace

    I'm not sure I understand the post really.

    He/she doesn't want to kill the account so he/she is willing to spend hours researching how to stop the person's outgoing bulk e-mail??

    Weird. :rolleyes:
     
  10. myrem

    I'm confused... is the account user 'kleen' and the domain kleen.com?
    So you mean the guy is spamming his own domain name? That's what it looks like to me.... :confused:
     
  11. rpmws


    It's returned mail from a dictionary spammer. They are using random@kleen.com for "from" addresses. This kleen guy is a victim. I see these all the time. What spammer in their right mind would spam their own domain?

    There is also a possibility that it's a forwarder list. I have a few companies that set up forwarders like this.

    office@domain.com >>> user1@domain.com
    office@domain.com >>> user2@domain.com
    office@domain.com >>> user3@domain.com
    office@domain.com >>> user3@domain.com
    and so on ... This way they can all communicate with each other by sending and replying to "office"
     
    #11 rpmws, Aug 7, 2004
    Last edited: Aug 7, 2004
  12. knipper

    I agree with myrem...

    To me this appears to be spam being delivered TO kleen.com, not coming from kleen.com and/or bounces due to spam being sent with his domain name.

    I have a personal domain that is/was targeted like this. It must have ended up on MANY spammer lists, as it is non-stop daily from hundreds of different IPs. This domain had a "catch all" for years... then one day spam got out of control.

    I had to implement some exim rules, and some dictionary attack rules as well. You can literally watch the messages in my exim_rejectlog for the domain scroll by... at certain times of the day.
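
The reading of the log given in the last few replies, as an added example that is not part of the original thread or any poster's code: it separates Exim delivery lines by transport (local delivery is mail arriving for the account, remote SMTP is mail leaving the server) and flags an account that receives mail for many different local parts. The function name `classify`, the threshold, the transport sets and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Exim delivery line:
#   <date> <time> <msg-id> => <target> [<original address>] R=<router> T=<transport>
DELIVERY = re.compile(
    r"^\S+ \S+ (?P<msgid>\S+) (?:=>|->) (?P<target>\S+)"
    r"(?: <(?P<orig>[^>]+)>)?.*?\bT=(?P<transport>\S+)"
)
# Assumption: transport names come from the Exim configuration. local_delivery is
# the one in the quoted log; remote_smtp is the name in Exim's default config.
INBOUND, OUTBOUND = {"local_delivery"}, {"remote_smtp"}

def classify(lines, threshold=3):
    """Count deliveries by direction and flag accounts that receive mail for
    many different local parts (a catch-all absorbing dictionary spam or bounces)."""
    parts = defaultdict(set)          # (account, domain) -> local parts seen
    counts = {"inbound": 0, "outbound": 0}
    for line in lines:
        m = DELIVERY.match(line.strip())
        if not m:
            continue                  # arrivals (<=), rejects and other non-delivery lines
        if m["transport"] in OUTBOUND:
            counts["outbound"] += 1
        elif m["transport"] in INBOUND:
            counts["inbound"] += 1
            local, _, domain = (m["orig"] or m["target"]).partition("@")
            parts[(m["target"], domain.lower())].add(local.lower())
    counts["suspects"] = {k: len(v) for k, v in parts.items() if len(v) >= threshold}
    return counts

# First four lines are from the thread; the last two are constructed for contrast.
SAMPLE = """\
2004-08-01 04:34:27 1BrDff-0004cY-Ep => kleen <ingram@kleen.com> R=localuser T=local_delivery
2004-08-01 04:35:39 1BrDgo-0004d2-7K => kleen <ford@kleen.com> R=localuser T=local_delivery
2004-08-01 04:35:40 1BrDgq-0004d9-1w => kleen <williamson@kleen.com> R=localuser T=local_delivery
2004-08-01 04:35:43 1BrDgs-0004d4-5u => kleen <knight@kleen.com> R=localuser T=local_delivery
2004-08-01 04:36:10 1BrDxx-0004zz-Aa <= user@example.org H=mail.example.org [192.0.2.25] P=esmtp S=1824
2004-08-01 04:36:11 1BrDxx-0004zz-Aa => someone@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10]
""".splitlines()

if __name__ == "__main__":
    print(classify(SAMPLE))
```

On the lines quoted in the first post every delivery is inbound to the kleen mailbox, which is the pattern of a catch-all address receiving dictionary spam or bounces rather than an account sending bulk mail.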
     