

Spam and security issues




Posted by sharpnose, 07-05-2009, 05:32 AM
Hi Friends! I am facing some major SPAM problems. I am a web host from the city of Kolkata, India. Almost 95% of my clients are from my city - others are also known to me. I know many of them face to face - there is very little chance that any of them is a spammer. Still, my server IP has been blacklisted several times in the last year. I changed my datacenter, but the problem still persists. What are the ways to get rid of it?
Last edited by sharpnose; 07-05-2009 at 05:39 AM. Reason: typing errors

Posted by RDSNetworking, 07-05-2009, 05:50 AM
There are so many possibilities. You can start with the following. Secure your mail server. Make sure it can't be used as an open relay. Check your servers for rogue CGI scripts. Secure your PHP and install the mail headers patch to help you track down a spamming account. Scan your servers for rootkits. Read your logs. With viruses it's possible the user(s) sending the spam aren't even aware of it. These are just a few things to get you started.

Posted by whrss2, 07-07-2009, 07:49 PM
This could also be a case of spoofing. If your server is configured as an "Open Relay", mails could be forged and sent as if they are being sent by you (domains on your server). Setting up SPF records for your domains is another important thing. Check for mails being sent by PHP or CGI scripts. It would help if you got your hands on a couple of mail headers for some of the SPAM sent out.
----------------------------
Sr. Systems Engineer
WHRSS
We grow by helping you grow.

Posted by prashant1979, 07-08-2009, 02:00 AM
In many cases, it is found that some user's computer is infected with a mass-mailing trojan or virus and it sends out spam emails from the email client on the user's computer. Also check your mail server logs to find any unusual email going out from it.
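Added example (not part of any post in this thread): one way to read an Exim mainlog for unusual outgoing volume, counting accepted messages per hour for each authenticated login or local user. The log lines, addresses and the limit of 3 are constructed for the demonstration.

```python
import re
from collections import Counter

# Constructed sample in Exim mainlog style: one authenticated user, one
# delivery line, and a burst of script-generated mail from the web server user.
CONSTRUCTED_LOG = "\n".join(
    [
        "2009-07-08 01:58:40 1MOa00-0001aa-AA <= alice@example.com H=(pc1) "
        "[203.0.113.5] P=esmtpa A=fixed_login:alice@example.com S=2210",
        "2009-07-08 02:10:00 1MOa00-0001aa-AA => bob@example.org "
        "R=lookuphost T=remote_smtp",
    ]
    + [
        f"2009-07-08 02:{i:02d}:07 1MOb{i:02d}-0002bb-CC <= "
        "nobody@host.example.net U=nobody P=local S=1532"
        for i in range(5)
    ]
)

# "<=" marks a message accepted by Exim; "=>" (delivery) lines are skipped.
ARRIVAL = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ <= "
    r"(?P<sender>\S+)(?P<rest>.*)$"
)

def sender_key(sender, rest):
    """Attribute a message to an SMTP login, else a local user, else the envelope sender."""
    auth = re.search(r"\bA=\S+?:(\S+)", rest)
    if auth:
        return "auth:" + auth.group(1)
    local = re.search(r"\bU=(\S+)", rest)
    if local and "P=local" in rest:
        return "local:" + local.group(1)   # mail handed over by a script on the server
    return "env:" + sender

def hourly_counts(log_text):
    counts = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            counts[(m["date"], m["hour"], sender_key(m["sender"], m["rest"]))] += 1
    return counts

def flag_heavy_senders(log_text, limit):
    """Return ((date, hour, who), count) for every sender above the hourly limit."""
    return sorted((k, n) for k, n in hourly_counts(log_text).items() if n > limit)

if __name__ == "__main__":
    for key, n in flag_heavy_senders(CONSTRUCTED_LOG, limit=3):
        print(key, n)
```

A high count under a local user such as the web server account points at a script on the box rather than a customer's mail client.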

Posted by eSited, 07-08-2009, 02:12 AM
Do you have any proxy sites hosted off the server? That can also be an issue: if the sendmail port is open, the proxy site can use localhost to spam.

Posted by brianoz, 07-09-2009, 08:26 AM
This is the most likely cause: Your users probably have insecure scripts installed and they are getting hijacked and used to send spam. Often these are contact scripts, but maybe the sites are getting completely hacked. It's unlikely any of your users are sending spam deliberately! Are you running cPanel? If so, here are some ways to stop this:
- install CSF and enable SMTP_BLOCK
- set max emails per hour to 100 in WHM
- use mod_security to block submissions with To: or Cc: or Bcc: in the fields, look around and you'll find the rules
- use suphp or phpsuexec to isolate the individual accounts
- watch the alert emails from cPanel very closely for a few weeks and suspend accounts caught sending lots of email without good reason
Even if the server's not cPanel, the above will help a lot! At the end of the day, securing a server against outgoing spam is really the same as securing the server. If you can't secure the server, you won't stop outgoing spam. One way to get the problem solved permanently would be to use the services of someone like Chirpy - www.configserver.com.
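Added example (not part of the post above, and not a mod_security rule): the same check done inside a contact script, rejecting line breaks in fields that become mail headers and To:/Cc:/Bcc: at the start of any line. The form field names, addresses and the RejectedSubmission class are assumptions made for the illustration.

```python
import re
from email.message import EmailMessage

# A field that starts a line with one of these is trying to add recipients.
INJECTED_HEADER = re.compile(r"^\s*(to|cc|bcc)\s*:", re.IGNORECASE | re.MULTILINE)

class RejectedSubmission(ValueError):
    """Raised when a form field looks like a mail header injection attempt."""

def check_field(name, value, header=True):
    # Values copied into headers must be a single line: CR or LF would let
    # the submitter end the header and begin a new one.
    if header and ("\r" in value or "\n" in value):
        raise RejectedSubmission(f"{name}: line break in a header field")
    # Mirrors the rule from the post; on the body this is stricter than
    # strictly needed, since body text never reaches the header block.
    if INJECTED_HEADER.search(value):
        raise RejectedSubmission(f"{name}: recipient header inside form data")
    return value.strip()

def build_contact_mail(form, site_recipient):
    """Build the outgoing message; the recipient never comes from the form."""
    name = check_field("name", form["name"])
    reply_to = check_field("email", form["email"])
    subject = check_field("subject", form["subject"])
    body = check_field("message", form["message"], header=False)

    msg = EmailMessage()
    msg["From"] = "webform@example.com"      # fixed sender (assumed address)
    msg["To"] = site_recipient               # fixed by the site owner
    msg["Reply-To"] = reply_to
    msg["Subject"] = f"[contact form] {subject}"
    msg.set_content(f"Sender name: {name}\n\n{body}")
    return msg

# Constructed submissions: one ordinary, one carrying an extra header.
GOOD_FORM = {"name": "Alice", "email": "alice@example.com",
             "subject": "Hello", "message": "I would like a quote.\nThanks"}
BAD_FORM = dict(GOOD_FORM, email="visitor@example.com\r\nBcc: list@example.org")

if __name__ == "__main__":
    print(build_contact_mail(GOOD_FORM, "owner@example.com")["To"])
    try:
        build_contact_mail(BAD_FORM, "owner@example.com")
    except RejectedSubmission as err:
        print("rejected:", err)
```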

Posted by sharpnose, 07-12-2009, 02:02 AM
Thanks a lot friends for your advice. I am following the steps as advised by you. Last edited by sharpnose; 07-12-2009 at 02:03 AM. Reason: typos

Posted by serveradminz, 07-12-2009, 09:28 AM
Log into your WHM at Main >> Service Configuration >> Exim Configuration Editor and check these two boxes:
- Reject mail at SMTP time if the sender host is in the bl.spamcop.net rbl
- Reject mail at SMTP time if the sender host is in the zen.spamhaus.org rbl

Posted by srenkema, 07-14-2009, 08:27 AM
My two pennies:
- Get yourself a proper outgoing filter to scan outgoing mail and lock spamming accounts before they blacklist your IP(s).
- For incoming email, open-source does A job but not THE job; the question you will have to ask yourself is whether you want to deal with spam at all or whether you prefer being spam-free completely by outsourcing the problem to a specialised firm. There are very affordable solutions in the market with plugins to cPanel and the like.
Cheers + good luck!
Last edited by bear; 07-15-2009 at 12:28 PM.

Posted by alexeygu, 07-14-2009, 06:37 PM
What commercial solutions do you recommend?

Posted by srenkema, 07-15-2009, 11:11 AM
Maybe I missed it, but could you explain exactly what it is that you are looking for? I mean, are you looking to filter a few domains with a LOT of users, or more shared-hosting clients (many domains with relatively fewer users)? Are you looking for outgoing or incoming filtering, or both? What is your budget? There are quite a lot of variables that would need to be elaborated on a bit before being able to give you exact recommendations. Cheers
Last edited by bear; 07-15-2009 at 12:32 PM.


