jason_s
11-25-2001, 08:41 PM
Some idiot has installed a cgi-script on my server to send out bulk-mail. I found out right after he/she ran the script and immediately disabled the account. I am currently gathering evidence/info so I can contact this person.
From those that have been through this, any suggestions??
This is a clear violation of my Terms of Service.
cyansmoker
11-25-2001, 09:27 PM
What I find interesting here is that the same thing happened to us at the same time.
But I guess bulk mail scripts are more common than you would think.
Maybe it was the same person? (although I suspect many spammers thought that Thanksgiving would be a good time to pull that kind of trick, since monitoring would be more loose)...
SPAM accounts get terminated no matter what the excuse is. I find people trying to make up excuses that it wasn't SPAM while I'm receiving complaints of sex advertisement.
How did you find out?? What triggered "your alarm"??
jason_s
11-25-2001, 09:41 PM
Well, a review of my logs showed a ton of bounce-reply emails from various ISPs for non-existent email addresses coming into the server.
I checked into the account and sure enough, it looks like they uploaded a 58400 line email list and commenced to spamming!
My MRTG graphs for that 5 minutes tell the tale as well. Being a relatively new host, I try to keep a close eye on this type of stuff.
I've already terminated the account. I am currently preparing a message to all contacts for the domain, the ISP for their IP address and the user's email address to explain why they were terminated.
Any further suggestions, besides hunting them down and strangling them?:mad:
bobcares
11-26-2001, 04:26 AM
Hi!
I'm assuming that you are using sendmail.
You can do the following:
1) See the mail queue (just type mailq).
This would show the list of mails not sent out as yet. The spammer's name would be there.
2) You must secure formmail.pl if you have it. Many people exploit it nowadays... The latest version is quite trouble free... :)
3) Set up sendmail such that the load average is low and the number of mails in the queue is always limited.
4) Enable POP before authentication. This really helps a lot...
Have a great day :)
Regards
amar
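Step 1 of the post above, as an added example that is not part of the original thread: a small filter that counts queued messages per envelope sender from `mailq` output, so a bulk sender stands out. The function names and the sample queue listing are constructed for illustration, and the parser assumes the classic sendmail `mailq` layout (entry lines start in column 1, status and recipient lines are indented).

```shell
#!/bin/sh
# Count queued messages per envelope sender from sendmail `mailq` output.
# Assumed layout: an entry line starts in column 1 with the queue ID,
# followed by size, weekday, month, day, time and the sender address.
# Header, status "(Deferred: ...)" and recipient lines are skipped.

count_senders() {
    awk '
        /^[A-Za-z0-9]/ && NF >= 7 && $2 ~ /^[0-9]+$/ {
            sender = $7
            gsub(/[<>]/, "", sender)   # strip the angle brackets
            n[sender]++
        }
        END { for (s in n) printf "%d %s\n", n[s], s }
    ' | sort -rn
}

# Constructed sample queue listing (not taken from the thread).
sample_queue() {
cat <<'EOF'
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient------------
fAQ1f0x01001     2113 Sun Nov 25 20:31 <bulk@customer.example>
                 (Deferred: Connection timed out with mx.isp-a.example.)
                                         <nobody1@isp-a.example>
fAQ1f0x01002     2113 Sun Nov 25 20:31 <bulk@customer.example>
                 (host map: lookup (isp-b.example): deferred)
                                         <nobody2@isp-b.example>
fAQ1f0x01003*    2113 Sun Nov 25 20:32 <bulk@customer.example>
                                         <nobody3@isp-c.example>
fAQ1f0x01004      845 Sun Nov 25 20:35 <alice@other.example>
                 (Deferred: Connection refused by mail.example.net.)
                                         <bob@example.net>
EOF
}

# Demo on the constructed sample; on a live server: mailq | count_senders | head
sample_queue | count_senders
```

On a shared host the sender is often the web server or CGI user rather than a named customer, so the count points at the account to inspect, not necessarily at a mailbox.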