var sidebar_align = 'right';
var content_container_margin = parseInt('350px');
var sidebar_width = parseInt('330px');
Alot of spam sent..
I've been using the same server for the last 3 years, I run a few websites but they are small, im running CentOS and the latest cPanel WHM.
Recently i've had emails bouncing back as my IP has been blacklisted due to spam, Thought it was odd.. So went through my logs and statistics and found a few things..
This is the report for the last 2 days.. "Exim statistics from 2011-03-21 20:33:03 to 2011-03-23 22:36:09"
**bypassed** 931KB 98
local_delivery 135MB 41565
remote_smtp 84MB 62014
virtual_userdelivery 17MB 147
Top 50 sending hosts by message count
Messages Bytes Average Sending host
122972 304MB 2592 local
As you see, thats some serious spam.. but how can i find where its originating from? I've changed "Prevent “nobody” from sending mail" to "On" but its still going..
I think that you are using dedicated IPs? Do you host other sites? Maybe someone use spam sending software there?
Yeah using dedicated ips, I host other sites but controlled by me, Basically design a website, host it and thats it.
Have just looked at my queue and heres one..
theaccount 32007 32009
-auth_sender [email protected]**.com
204P Received: from theaccount by server.**.com with local (Exim 4.69)
(envelope-from <[email protected]**.com>)
for [email protected]; Wed, 23 Mar 2011 23:42:50 +1300
035T To: [email protected]
029 Subject: Surgery to correct.
043F From: Mikhail Sereda <[email protected]>
038R Reply-To: [email protected]
018 MIME-Version: 1.0
025 Content-Type: text/plain
032 Content-Transfer-Encoding: 8bit
051I Message-Id: <[email protected]**.com>
038S Sender: <[email protected]**.com>
038 Date: Wed, 23 Mar 2011 23:42:50 +1300
Close port 25 on your firewall.
You really spout off a lot of useless information that could be detrimential to helping solve issues.
Originally Posted by Question Everything
OP, have you looked at your apache logs to see if any scripts are ran way more than others? You could have an exploit on the server from a non-updated script.
If you look at the que and see the same username show up frequently, its possible the issue resides in that users account.
Do you use suphp or fastcgi?
By umer in forum Hosting Security and Technology
Last Post: 10-13-2007, 04:04 PM
By splat2007 in forum Web Design and Content
Last Post: 10-24-2005, 04:49 PM
By thomor25 in forum Web Hosting
Last Post: 07-06-2004, 10:22 PM