Spam from our cpanel server
Posted by WebHostingNeeds, 02-05-2007, 01:04 PM |
Hi,
Today the data center mailed us and told us someone is sending spam from our server.
The copy of the spam mail they gave us is below.
As you can see, there is no account info regarding who sent the spam mail.
On the server, phpsuexec is enabled.
In Tweak Settings, "Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)" is enabled.
The spammer domain aliativa.com (why does no one take the spammer down?) is not hosted by us. But I found the following in exim_mainlog
Does anyone know how he sends spam? Using SMTP from localhost? Why does the mail header not include anything about who sent the spam?
Thanks,
Yujin
|
Posted by lnxcode, 02-05-2007, 01:32 PM |
He could use a script or pop. Normally there is no set limit on how many emails can be sent per hour. Which means he can spam and raise your load super high etc... do crazy stuff... also a members forum could have been exploited.... so there are a couple of issues that could happen...
Check your mail queue too...
|
Posted by WebHostingNeeds, 02-05-2007, 02:03 PM |
Thanks, if it was a POP mail client, it should show which account is used to send mail? I sent a test mail from Outlook Express using a domain hosted on the server; the mail has the following in the header
|
Posted by Website Rob, 02-05-2007, 02:07 PM |
Could also be they are using a Form page of one of your Hosting Clients, that has not been properly secured.
The info you were given is not enough to track things down. What you need to do is search your Server mail queue for any domains using 'aliativa.com'. Ones that have not yet been sent will give you better information on how the Spam is being sent through your Server.
Also, presuming you have mod_security installed, insert the following into your Rules.
####################################
# Email Injection Header fix
####################################
SecFilter "bcc:"
SecFilterSelective THE_REQUEST "bcc:|bcc%3A"
SecFilterSelective ARG_Bcc ".*\@"
SecFilterSelective ARGS_VALUES "\n\s*bcc\:.*\@"
The above prevents any Spammer from using any script used by any Client, to send their Spam. Mind you, the Client will always receive a copy of the Spam as the script is designed after all, to send them an eMail when someone uses their Form.
|
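To see what the four patterns in the post above look for, here is an added example (not part of the original thread, and not ModSecurity itself): a simplified Python model that applies the same patterns to constructed form submissions. Case-insensitive matching, URL-decoded arguments and the sample requests are assumptions of this sketch.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Patterns copied from the post. Case-insensitive matching and URL-decoded
# arguments are assumptions of this simplified model, not ModSecurity itself.
I = re.IGNORECASE
P_ANY = re.compile(r"bcc:", I)                # SecFilter
P_REQUEST = re.compile(r"bcc:|bcc%3A", I)     # SecFilterSelective THE_REQUEST
P_ARG_BCC = re.compile(r".*\@", I)            # SecFilterSelective ARG_Bcc
P_VALUES = re.compile(r"\n\s*bcc\:.*\@", I)   # SecFilterSelective ARGS_VALUES


def matched_rules(request_line, post_body=""):
    """Return the names of the post's rules that this request would trigger."""
    query = request_line.split(" ")[1].partition("?")[2]
    args = parse_qsl(query, keep_blank_values=True)
    args += parse_qsl(post_body, keep_blank_values=True)
    hits = []
    # Broad keyword filter: decoded request line and decoded POST payload.
    if P_ANY.search(unquote_plus(request_line)) or P_ANY.search(unquote_plus(post_body)):
        hits.append("SecFilter")
    # Raw first line of the request, which is why the pattern lists bcc%3A too.
    if P_REQUEST.search(request_line):
        hits.append("THE_REQUEST")
    # A parameter literally named Bcc whose value contains an address.
    if any(n.lower() == "bcc" and P_ARG_BCC.search(v) for n, v in args):
        hits.append("ARG_Bcc")
    # A newline followed by a Bcc header inside any parameter value.
    if any(P_VALUES.search(v) for _, v in args):
        hits.append("ARGS_VALUES")
    return hits


# Constructed sample requests (example.com addresses are placeholders).
SAMPLES = {
    "clean_form": ("POST /contact.php HTTP/1.1",
                   "name=Alice&email=alice%40example.com&message=Hello+there"),
    "header_in_email_field": ("POST /contact.php HTTP/1.1",
                              "name=Bob&email=bob%40example.com%0ABcc%3A+a%40example.net&message=hi"),
    "bcc_parameter": ("GET /form.php?Bcc=x%40example.net HTTP/1.1", ""),
    "legit_text_mentions_bcc": ("POST /contact.php HTTP/1.1",
                                "name=Carol&message=Please+add+me+on+the+bcc%3A+line"),
}


def run_samples():
    """Map each sample name to the list of rules it would trigger."""
    return {name: matched_rules(*req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:26} -> {hits or 'allowed'}")
```

The last sample shows the cost of the broad `SecFilter "bcc:"` line: an ordinary message that merely contains the text "bcc:" is blocked as well.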
Posted by WebHostingNeeds, 02-05-2007, 02:42 PM |
We run PHP in phpsuexec mode. So if it was sent from a PHP script with the mail function, it should show the abuser a/c in the mail header?
|
Posted by hosein, 08-23-2007, 08:00 AM |
Do I need only to copy-paste the following lines into the Rules?
SecFilter "bcc:"
SecFilterSelective THE_REQUEST "bcc:|bcc%3A"
SecFilterSelective ARG_Bcc ".*\@"
SecFilterSelective ARGS_VALUES "\n\s*bcc\:.*\@"
Do we need to copy-paste the following lines?
####################################
# Email Injection Header fix
####################################
Thanks
|
Posted by Website Rob, 08-23-2007, 08:06 AM |
A good Coder always puts comments to explain what the code or section of code does. You can leave out the Header comments but 6 months from now, will you remember what the code is for?
And yes, you can copy & paste exactly as posted.
|