

Someone is using my server for sending SPAM




Posted by roro, 01-18-2010, 01:28 AM
I just received a message from my provider telling me this. Can someone help me add more security so this stops happening? Here is the header: My first guess is that they are using my forums (SMF, Simple Machines) to send this spam.

Posted by net, 01-18-2010, 01:32 AM
Moved > Hosting Security and Technology.

Posted by MrSaints, 01-18-2010, 03:49 AM
Well, if you have ConfigServer Firewall installed, there's an option to alert you when a user has sent out more than a particular amount of e-mails so you can investigate whether or not it's spam. One step you should take is to go to WHM -> Tweak Settings -> Modify "The maximum each domain can send out per hour (0 is unlimited)" to a lower limit. Find the perpetrator and suspend their account.

Posted by madaboutlinux, 01-18-2010, 04:17 AM
Is this a cPanel server? If yes, the best solution is to turn off the option from WHM >> Tweak Settings and ask your clients to use SMTP authentication in their scripts. This will make sure none of your clients OR a compromised script will be able to send such emails. You can also place additional filter rules so such spam emails are not sent from your server. Refer: http://www.webhostingtalk.com/showpo...4&postcount=12 Add the subject in your email to the "$header_subject" of those rules and apply.

Posted by shawn_linux, 01-18-2010, 10:59 AM
WHM > Tweak Settings > disable nobody emails. This will disable nobody emails. This will stop it considerably.

Posted by Hostwaresupport, 01-18-2010, 11:13 AM
Hello, You need to check any CGI script on your server that might be sending mails. Also, disabling nobody mails is the best way to prevent spamming. One more thing is to check whether your server is an open relay.

Posted by inspiron, 01-19-2010, 10:44 AM
Investigate the repeated IPs in the exim_mainlog and block those IPs that are repeated in huge numbers using the firewall.

Posted by zomex, 01-19-2010, 11:51 AM
Thanks everyone, I have learnt a lot from this thread. I have just turned the above on.

Posted by Srv24x7, 01-19-2010, 12:14 PM
But preventing nobody scripts is not the correct solution for this. Make sure SMTP authentication is enabled and add SPF records. Then you need to monitor the exim logs to see what kind of activity is running.
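
The exim_mainlog review suggested in the replies above, as an added example that is not part of the original thread: it counts message arrivals per remote IP and per local user, and sendmail invocations per script directory. It assumes the standard exim main log layout and that the `+arguments` log selector is enabled so that `cwd=` lines are written; the log lines are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample lines in the usual exim_mainlog layout (not from the thread).
SAMPLE_LOG = """\
2010-01-18 01:10:01 cwd=/home/exampleuser/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2010-01-18 01:10:01 1NWa01-0001aB-C1 <= nobody@host.example.com U=nobody P=local S=1520
2010-01-18 01:10:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1NWa01-0001aB-C1
2010-01-18 01:10:02 1NWa01-0001aB-C1 => a@example.com R=lookuphost T=remote_smtp H=mx.example.com [192.0.2.25]
2010-01-18 01:10:03 cwd=/home/exampleuser/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2010-01-18 01:10:03 1NWa02-0001aC-D2 <= nobody@host.example.com U=nobody P=local S=1498
2010-01-18 01:10:05 cwd=/home/exampleuser/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2010-01-18 01:10:05 1NWa03-0001aD-E3 <= nobody@host.example.com U=nobody P=local S=1533
2010-01-18 01:11:00 1NWa04-0001aE-F4 <= bob@example.org H=(pc.example.org) [203.0.113.5] P=esmtpa A=dovecot_login:bob@example.org S=2048
2010-01-18 01:12:00 1NWa05-0001aF-G5 <= bob@example.org H=(pc.example.org) [203.0.113.5] P=esmtpa A=dovecot_login:bob@example.org S=2051
2010-01-18 01:13:00 1NWa06-0001aG-H6 <= x@example.net H=([10.0.0.1]) [198.51.100.7] P=esmtp S=900
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= ")  # date, time, message id, arrival flag
# Connecting IP: the bracketed address after H=, not an address literal inside the HELO.
REMOTE_IP = re.compile(r" H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?=[: ]|$)")
LOCAL_USER = re.compile(r" U=(?P<user>\S+)")
CWD = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: ")

def summarize(lines):
    """Count arrivals per remote IP and local user, and sendmail calls per directory."""
    ips, users, dirs = Counter(), Counter(), Counter()
    for line in lines:
        cwd = CWD.match(line)
        if cwd:
            # Skip exim's own delivery processes; they are not new submissions.
            if not cwd.group("cwd").startswith("/var/spool/exim"):
                dirs[cwd.group("cwd")] += 1
            continue
        if not ARRIVAL.match(line):
            continue  # deliveries (=>), deferrals, completions and so on
        ip, user = REMOTE_IP.search(line), LOCAL_USER.search(line)
        if ip:
            ips[ip.group("ip")] += 1
        elif user:
            users[user.group("user")] += 1
    return ips, users, dirs

if __name__ == "__main__":
    labels = ("remote IP", "local user", "script dir")
    for label, counts in zip(labels, summarize(SAMPLE_LOG.splitlines())):
        for key, n in counts.most_common(10):
            print(f"{n:6d}  {label}: {key}")
```

A directory or `nobody` user at the top of the list points at a script on the server; a remote IP at the top points at an SMTP client.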


