Heavy Spams!!

  #1  
Old 12-27-2004, 05:03 AM
ankita ankita is offline
Newbie
 
Join Date: Sep 2000
Location: Kolkata, India
Posts: 26


Hi,

I'm having a major problem with spam recently.

All the mail sent out of my server is either bounced back by the spam filters of the destination servers or is lost somewhere. The mail from my server (all the domains) is automatically transferred into the junk box or the spam box.

Adding to the pain is the spam source. The spam source is my own server. When I contacted the server administrator, it says:

"Looking at the headers, it looks like someone is spoofing your domain and sending out fake messages -- unfortunately, there isn't much that we can do about it."

I receive 10,000 mails a day and my mailbox is jammed. On top of that, the mails I send to my clients are all bounced back or lost.

I am sure I am also listed on some anti-spam sites now after all this.

Can anyone suggest a way out?

  #2  
Old 12-27-2004, 02:38 PM
Tamranda_Ankit Tamranda_Ankit is offline
Disabled
 
Join Date: Aug 2004
Location: Delhi, India
Posts: 213
The damage has been done. Unfortunately you cannot get yourself out of those lists now (as far as I know).

You said you get 10,000 mails a day and you also have a server admin ... then what is he for? Ask him to check the source of these mails and install better filtering software.

  #3  
Old 12-28-2004, 05:43 AM
ankita ankita is offline
Newbie
 
Join Date: Sep 2000
Location: Kolkata, India
Posts: 26
Unfortunately he can't do anything.

I want to know if the spamming is targeted at the mail server IP or something else. Like it says my domain is spoofed and is sending me spam.

Is there a way that we can change the mail server IP and discard the current IP to avoid spam, so that I can use my mail server happily to send mail all over (as currently it has been declared a spammer and is bounced back by the spam filters of many important sites like Hotmail, Yahoo, etc.)?

  #4  
Old 12-28-2004, 06:24 AM
ankita ankita is offline
Newbie
 
Join Date: Sep 2000
Location: Kolkata, India
Posts: 26
Also, could someone tell me what these mean? I ran a trojan scan on my server and got these reports generated:

Possible Trojan - /lib/iptables/libipt_TARPIT.so
Possible Trojan - /lib/iptables/libipt_TCPMSS.so
Possible Trojan - /lib/iptables/libipt_TOS.so
Possible Trojan - /lib/iptables/libipt_TRACE.so
Possible Trojan - /lib/iptables/libipt_TTL.so
Possible Trojan - /lib/iptables/libipt_ULOG.so
Possible Trojan - /lib/iptables/libipt_ah.so
Possible Trojan - /lib/iptables/libipt_connlimit.so
Possible Trojan - /lib/iptables/libipt_connmark.so

  #5  
Old 12-28-2004, 06:36 AM
Tamranda_Ankit Tamranda_Ankit is offline
Disabled
 
Join Date: Aug 2004
Location: Delhi, India
Posts: 213
Hm... possibly you might have a trojan which is sending the spam, and I don't think the spoofing is true .... First of all you must stop any spam which is being sent from your server .... Tell me one thing .... is the server load high? And check the 'Manage Mail Queue' option .... does it contain more than 1000 messages?

  #6  
Old 12-28-2004, 01:22 PM
talash talash is offline
WHT Addict
 
Join Date: Sep 2000
Location: Calcutta, India
Posts: 143
What does that mean?


Last edited by talash; 12-28-2004 at 01:29 PM.
  #7  
Old 12-28-2004, 01:36 PM
ankita ankita is offline
Newbie
 
Join Date: Sep 2000
Location: Kolkata, India
Posts: 26
Exactly, Ankit! The mail queue always has more than 1000 msgs and the server load is also showing high. Could you suggest a way out of it?

Ankita

  #8  
Old 12-28-2004, 03:37 PM
Tamranda_Ankit Tamranda_Ankit is offline
Disabled
 
Join Date: Aug 2004
Location: Delhi, India
Posts: 213
OK, so someone is using your servers to spam ..... Now we have to trace down that person ...

Follow these steps:

1. Open WHM
2. Click on 'Manage Mail Queue'
3. It will say that there are more than 1000 messages and ask you if you still want to see the queue. Go forward and check the mail queue.
4. Click on any of the mail queue entries ... it would be something like this '1CibJj-0001AB-Bh-H' or whatever ... now you will see the mail headers ... they will tell you which user is sending the spam. Just terminate or suspend that user. You will find something like this:

-auth_sender usernamehere@server1.servername.com

If you see the user nobody sending the mails then it will be difficult to trace the user sending the mails, but don't worry, check this thread: http://www.webhostingtalk.com/showth...hreadid=258294

This way you can see which user is acting as nobody and sending the mails, and terminate/suspend him.

Reply With Quote
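
Added example (not part of the original posts, and not cPanel or Exim code): the check from post #8 applied to many queued messages at once, tallying the `-auth_sender` line of each header dump so the busiest sender stands out. It assumes the header text of each queued message is already available as a string; `SAMPLE_QUEUE`, its message ids and its hostnames are constructed placeholders.

```python
from collections import Counter

NO_AUTH = "(no auth_sender)"

def auth_sender(header_text):
    """Return the value of the '-auth_sender' line, or None if absent."""
    for line in header_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "-auth_sender":
            return parts[1].strip().lower()
    return None

def rank_senders(queue):
    """Return [(sender, message_count, is_nobody)], busiest sender first.

    is_nobody marks senders whose local part is 'nobody': per the post,
    those need further tracing before any account can be suspended.
    """
    counts = Counter(auth_sender(text) or NO_AUTH for text in queue.values())
    ranked = []
    for sender, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        is_nobody = sender.split("@", 1)[0] == "nobody"
        ranked.append((sender, n, is_nobody))
    return ranked

def _hdr(sender, from_header):
    """Build a constructed, simplified header dump for the sample queue."""
    lines = []
    if sender:
        lines.append("-auth_sender " + sender)
    # The From: header is whatever the sending program wrote; it is not
    # used for attribution here, only the -auth_sender line is.
    lines.append("From: " + from_header)
    return "\n".join(lines) + "\n"

# Constructed sample data: message id -> header dump.
SAMPLE_QUEUE = {
    "msg-0001": _hdr("nobody@server1.example.com", "sales@client-a.example"),
    "msg-0002": _hdr("nobody@server1.example.com", "billing@client-b.example"),
    "msg-0003": _hdr("nobody@server1.example.com", "sales@client-a.example"),
    "msg-0004": _hdr("usera@server1.example.com", "usera@client-a.example"),
    "msg-0005": _hdr(None, "someone@remote.example"),
}

if __name__ == "__main__":
    for sender, n, is_nobody in rank_senders(SAMPLE_QUEUE):
        note = "  <- user nobody: trace further" if is_nobody else ""
        print(f"{n:5d}  {sender}{note}")
```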
  #9  
Old 01-07-2005, 08:40 AM
ankita ankita is offline
Newbie
 
Join Date: Sep 2000
Location: Kolkata, India
Posts: 26
Hi Ankit,

The spam is all being sent from user nobody. In fact it's like user nobody@myserver.mydomainnanem.com.

I couldn't get a solution yet. Do you know any company which provides a spam solution?

Do you think changing the server IP would help me with the mails bouncing back?

As I told you earlier, my mails are being bounced back from many privately held servers as a spammer.

Do you have any idea how I can get rid of this stuff?

I am not too confident with handling root myself. Could you suggest some reliable company which would help me out of this?

Thanks
Ankita

  #10  
Old 01-07-2005, 03:38 PM
Tamranda_Ankit Tamranda_Ankit is offline
Disabled
 
Join Date: Aug 2004
Location: Delhi, India
Posts: 213
I've never dealt with any such company so unfortunately I don't know any, but if you'd like I can do it for you myself ... PM me if you're interested.

Also, since you have already been declared a spammer, you might want to change your server name as well as IP to solve the issue.

  #11  
Old 01-08-2005, 01:20 AM
ankita ankita is offline
Newbie
 
Join Date: Sep 2000
Location: Kolkata, India
Posts: 26
Yes Ankit.

I am interested. Could you tell me how I can go for it?

Ankita

  #12  
Old 01-09-2005, 11:05 AM
noorolhoda noorolhoda is offline
Newbie
 
Join Date: Jan 2005
Posts: 27
It is better who has servers take away users from spamming
Most tools filter incoming emails but I can't find a tool to filter outgoing emails!!!!
You can see below for more information:
forums.cpanel.net/showthread.php?t=34195
I hope it can help you!!!

  #13  
Old 02-09-2005, 10:08 AM
BorderLine BorderLine is offline
Newbie
 
Join Date: Aug 2004
Location: Kansas
Posts: 25
Hi guys,
I think my server is sending spam.
Two nights ago, I got back about 50 bounced emails to my sales account.
I disabled the account and changed all passwords, but this morning I got a notice that an email has been sitting in the queue for over 4 hours from the same account.
That message is one of the spam emails that was being sent the night before.
I'm the only one with access to this account and know that this is not something that I had sent.
I'm on a managed server but the support team was unable to find anything.
Can anyone help or give some advice?

My main concern is that there may be a script installed somewhere that's sending these, as the 1st night it appeared that all were sent around 12am.
I've run Rkhunter & chkrootkit but they have not found anything.

All accounts are very low traffic & people whom I know.

Thanks
Jeremy

  #14  
Old 02-10-2005, 04:05 AM
CardinS2U CardinS2U is offline
Junior Guru Wannabe
 
Join Date: Sep 2003
Posts: 47
Same thing happened to me. My /tmp folder has weird files.

Even after running /scripts/tmp

now and then there are tar files of PayPal and other email listings in the folder...

Viewed logs and no sign of SSH logins or anything..


Cardin Nguyen

  #15  
Old 02-11-2005, 08:04 AM
assistanz247 assistanz247 is offline
Web Hosting Master
 
Join Date: Nov 2004
Location: India
Posts: 1,069
You need to be careful with those files. If you have old versions of phpBB, ask your clients to upgrade to new ones. Also your server needs a security audit.
