Web Hosting Talk






PDA

View Full Version : Prevent spamming

Lmax
01-07-2002, 01:14 PM
Hi,

This week one of my resellers signed up a new customer. After setting up the account the user uploaded a cgi script and some mailinglists and started spamming with the cgi script. It was some kind of bulk mailer. :mad:

I noticed the abuse because the serverload jumped from 0.1 to 7.0 and up. Also the mrtg graph made a big jump. :rolleyes:

Also spam complaints came rolling in after that. Still a good thing i could disable the account so fast, was only running the script for 1 hour.

Is there a easy way to prevent this. Disabling cgi isn't an option ofcourse.

any suggestions :confused:

Thanks
davidb
01-07-2002, 01:37 PM
The best thing to do is to check on your clients. Make your resellers check on their clients. You are the only one going to get blamed, but your reseller should get blamed to. This happend to me also. The second one, I prevented it because I started to check on my clients.
Synergy
01-07-2002, 02:19 PM
Another way is to check new accounts right after the first day of creation.

Most spammers do the following,

Put a index.htm
and then a mail.htm

and then there will be only 3 files in their cgi-bin

mail.cgi
somesortoflist.txt
somesortoflist2.txt
mahinder
01-07-2002, 03:10 PM
I think allot on this issue and the solution I see and I am working on is. :(

whenever users spam there is large number of emails sent every second by particular pid and sendmail.log files grows very fast. if somehow we can monitor sendmail.log file and check every minute that particular pid is used in more then x number of emails we can track that user directory and suspend the user and kill all nobody process. ;)

technically this is possible but i am not a Linux guru. :bawling: I will start working on this kind of script and release it if this worked. :( :)
davidb
01-07-2002, 04:52 PM
Better action would be to move the sendmail binaries. Of course then these people could write a script to copy the sendmail binary into their dir
skylab
01-07-2002, 05:54 PM
definately let us know about the script. if one were to move the binaries, i would imagine it would at least deter the spammers a little bit. possibly giving a host a little extra time to check the account out... (?)