Will Pay For Help

Discussion in 'E-mail Discussions' started by prettydumb, Aug 25, 2007.

How dumb am I

Poll closed Aug 27, 2007.
  1. pretty dumb: 0 vote(s), 0.0%
  2. ugly dumb: 0 vote(s), 0.0%
  3. moronic dumb: 1 vote(s), 100.0%
  4. pretty ugly and moronic: 0 vote(s), 0.0%

  1. prettydumb

    Look at my name.

    What more can I say?

    Not dumb in all things, but certainly when it comes scripts and such. (Yes, that was a South Carolina accent.)

    My mail server is being bombarded with spam.

    Observing the /var/log/exim_mainlog, I noticed it was quite large. I would refresh and within a couple minutes, watch it increase over 100,000 bytes.

    Reviewing that log, I see the TO: addresses trying to be delivered are mostly local and are not addresses I have created. I own all of the domains (no reselling) so I am certain of the spam. You will also notice the "too many connections" error quite often. I assume legit requests to access the server are being denied???

    After I deleted these files mentioned, my /md1 dropped to about 70% full.

    I left for dinner and returned to find it had already jumped back up to 88% full and climbing quickly.

    I was suspicious of two IPs which were trying to access the server every few seconds via ssh. I was never able to resolve where to ban these IPs. It turned out to be more than just two, as I am sure many of you have had experience seeing in these cases. At least the person I am writing this message for anyway.

    Around this same time I noticed this error in the logs...


    ===========================================

    2007-08-24 15:45:30 1IOg26-0003rH-0Q Cannot open main log file "/var/log/exim_mainlog": Permission denied: euid=47 egid=12
    2007-08-24 15:45:30 1IOg26-0003rH-0Q <= root@server2.gigasurf.com U=root P=local S=460
    2007-08-24 15:45:30 1IOg26-0003rH-0Q Cannot open main log file "/var/log/exim_mainlog": Permission denied: euid=47 egid=12

    ===========================================

    The /md1/ partition was down to about 97% full when I last deleted the bandwidth files just to keep the system healthy while we figured out what was going on.

    My host company has little experience with cPanel, so we settled on a script which would delete the exim_mainlog. However, this is set to delete every 5 minutes, leaving me little time to decipher the mail stats.

    In short....I want my server back and am willing to pay a pro to fix it. Not only fix it, but prepare it for future attacks.

    Anyone here up for hire?

    I look forward to your response.

    Russ


    P.S. I have a handful of domains which are set to :blackhole:, but want them set to :fail:. Is there an easier way to change all of these over without having to enter each domain's cPanel?

    Told ya I was prettydumb :)
     
  2. mohit

    Hi,
    Seems you need to get your server checked by an expert.
    I would strongly recommend you visit and hire www.configserver.com

    They have the services you need, and they are one of the best.

    Ask them for exploit detection and cPanel security services; they can handle this very well.

    thanx
    mohit
     
  3. prettydumb

    mohit, mohit, mohit!

    Thanks!

    I have just placed an order.

    I'll post my review on them after their work so other dummies will know where to turn.

    Thanks again.
     