Thread: Heavy Spams!!

  1. #1
    Join Date
    Sep 2000
    Location
    Kolkata, India
    Posts
    32

    Heavy Spams!!

    Hi,

    I'm having a major problem with spam recently.

    All the mail sent out of my server either gets bounced back by the spam filters of the destination servers or is lost somewhere. The mail from my server (all the domains) is automatically transferred into the junk box or the spam box.

    Adding to the pain is the spam source. The spam source is my own server. When I contacted the server administrator, they said:

    "Looking at the headers, it looks like someone is spoofing your domain and sending out fake messages -- unfortunately, there isn't much that we can do about it."

    I receive 10,000 mails a day and my mailbox is jammed. On top of that, the mails I send to my clients are all bounced back or lost.

    I am sure I am also listed on some anti-spam sites now after all this.

    Can anyone suggest a way out?

  2. #2
    Join Date
    Aug 2004
    Location
    Delhi, India
    Posts
    218
    The damage has been done. Unfortunately you cannot get yourself out of those lists now (as far as I know).

    You said you get 10,000 mails a day & you also have a Server Admin ... then what is he for? Ask him to check the source of these mails & install better filtering software.

  3. #3
    Join Date
    Sep 2000
    Location
    Kolkata, India
    Posts
    32
    Unfortunately he can't do anything.

    I want to know if the spamming is targeted at the mail server IP or something else. Like it says, my domain is spoofed and is sending me spam.

    Is there a way that we can change the mail server IP and discard the current IP to avoid spam, so that I can use my mail server happily to send mail all over (as currently it has been declared a spammer and is bounced back by the spam filters of many important sites like Hotmail, Yahoo, etc.)?

  4. #4
    Join Date
    Sep 2000
    Location
    Kolkata, India
    Posts
    32
    Also, could someone tell me what these mean? I ran a trojan scan on my server and got these reports generated:

    Possible Trojan - /lib/iptables/libipt_TARPIT.so
    .

    Possible Trojan - /lib/iptables/libipt_TCPMSS.so
    .

    Possible Trojan - /lib/iptables/libipt_TOS.so
    .

    Possible Trojan - /lib/iptables/libipt_TRACE.so
    .

    Possible Trojan - /lib/iptables/libipt_TTL.so
    .

    Possible Trojan - /lib/iptables/libipt_ULOG.so
    .

    Possible Trojan - /lib/iptables/libipt_ah.so
    .

    Possible Trojan - /lib/iptables/libipt_connlimit.so
    .

    Possible Trojan - /lib/iptables/libipt_connmark.so

  5. #5
    Join Date
    Aug 2004
    Location
    Delhi, India
    Posts
    218
    Hm... possibly you might have a trojan which is sending the spam & I don't think the spoofing is true .... First of all you must stop any spam which is being sent from your server .... Tell me one thing .... is the server load high? & check the 'Manage Mail Queue' option .... does it contain more than 1000 messages?

  6. #6
    Join Date
    Sep 2000
    Location
    Calcutta, India
    Posts
    144
    What does that mean?
    Last edited by talash; 12-28-2004 at 01:29 PM.
    Submit2Please.com - Submit your site to 500+ SEO friendly directories
    EasySiteEdit.com - Point. Click. Edit. Works with existing site.

  7. #7
    Join Date
    Sep 2000
    Location
    Kolkata, India
    Posts
    32
    Exactly Ankit! The mail queue always has more than 1000 messages and the server load is also showing high. Could you suggest a way out of it?

    Ankita

  8. #8
    Join Date
    Aug 2004
    Location
    Delhi, India
    Posts
    218
    OK, so someone is using your server to spam ..... Now we have to trace down that person ...

    Follow these steps:

    1. Open WHM
    2. Click on 'Manage Mail Queue'
    3. It will say that there are more than 1000 messages & ask you if you still want to see the queue. Go forward & check the mail queue.
    4. Click on any of the mails in the queue ... it would be something like this '1CibJj-0001AB-Bh-H' or whatever ... now you will see the mail headers ... they will tell you which user is sending the spam. Just terminate or suspend that user. You will find something like this:

    -auth_sender usernamehere@server1.servername.com

    If you see the user nobody sending the mails then it will be difficult to trace the user sending the mails, but don't worry, check this thread: http://www.webhostingtalk.com/showth...hreadid=258294

    This way you can see which user is acting as nobody & sending the mails & terminate/suspend him.
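
As an added example (not part of the original post, and not cPanel's or Exim's own code): the queue check described in post #8 can be done in bulk by reading the `-auth_sender` line from every queued message's header file instead of opening messages one at a time in WHM. It assumes the queue is Exim's and that `-H` files follow Exim's documented spool layout; the sample messages, the fallback to `-ident`, and all function names are constructed for illustration.

```python
from collections import Counter

def parse_spool_header(text):
    """Parse the envelope part of one -H spool file (stops before the recipient list)."""
    lines = text.splitlines()
    msg_id = lines[0][:-2] if lines[0].endswith("-H") else lines[0]
    msg = {"id": msg_id, "login": lines[1].split()[0],      # line 2: login uid gid
           "envelope_sender": lines[2].strip("<>"), "options": {}}
    for line in lines[4:]:                                  # line 4 holds timestamps
        if not line.startswith("-"):
            break                                           # "XX"/recipients start here
        key, _, value = line[1:].partition(" ")             # flags like -local have no value
        msg["options"][key] = value
    return msg

def submitter(msg):
    """Identity that handed the message to the server, most specific field first."""
    opts = msg["options"]
    return opts.get("auth_sender") or opts.get("ident") or msg["login"]

def summarize(spool_texts):
    """Count queued messages per submitter; list ids submitted as user nobody."""
    counts, needs_script_trace = Counter(), []
    for text in spool_texts:
        msg = parse_spool_header(text)
        who = submitter(msg)
        counts[who] += 1
        if who.split("@")[0] == "nobody":                   # web script, not a mailbox login
            needs_script_trace.append(msg["id"])
    return counts, needs_script_trace

def _sample(msg_id, login, sender, opts):
    # Builds constructed -H file text for the demo; not real queue data.
    return "\n".join([msg_id + "-H", f"{login} 99 99", f"<{sender}>",
                      "1104240000 0", *opts, "XX", "1", "someone@example.org", ""])

SMTP_AUTH = ["-received_protocol esmtpa", "-auth_id usernamehere",
             "-auth_sender usernamehere@server1.servername.com"]
LOCAL_SCRIPT = ["-ident nobody", "-received_protocol local", "-auth_id nobody",
                "-auth_sender nobody@server1.servername.com", "-local"]
SAMPLE_QUEUE = [
    _sample("1CibJj-0001AB-Bh", "mailnull", "usernamehere@server1.servername.com", SMTP_AUTH),
    _sample("1CibKa-0001AC-Cd", "nobody", "nobody@server1.servername.com", LOCAL_SCRIPT),
    _sample("1CibKb-0001AD-Ef", "nobody", "nobody@server1.servername.com", LOCAL_SCRIPT),
]

if __name__ == "__main__":
    counts, trace = summarize(SAMPLE_QUEUE)
    for who, n in counts.most_common():
        print(f"{n:5d}  {who}")
    print("submitted as nobody, trace the script:", ", ".join(trace))
```

Messages counted under `nobody` were handed over by a local script rather than an authenticated mailbox, which is the harder case the post refers to.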

  9. #9
    Join Date
    Sep 2000
    Location
    Kolkata, India
    Posts
    32
    Hi Ankit,

    The spam is all being sent from user nobody. In fact it's like user nobody@myserver.mydomainnanem.com.

    I couldn't get a solution yet. Do you know any company which provides a spam solution?

    Do you think changing the server IP would help me with the mails bouncing back?

    As I told you earlier, my mails are being bounced back from many privately held servers as a spammer.

    Do you have any idea how I can get rid of this stuff?

    I am not too confident with handling root myself. Could you suggest some reliable company which would help me out of this?

    Thanks
    Ankita

  10. #10
    Join Date
    Aug 2004
    Location
    Delhi, India
    Posts
    218
    I've never dealt with any such company so unfortunately I don't know any, but if you'd like I can do it for you myself ... PM me if you're interested.

    Also, since you have already been declared a spammer you might want to change your ServerName as well as IP to solve the issue.

  11. #11
    Join Date
    Sep 2000
    Location
    Kolkata, India
    Posts
    32
    Yes Ankit.

    I am interested. Could you tell me how I can go for it?

    Ankita

  12. #12
    It is better if those who have servers keep users from spamming.
    Most tools filter incoming emails but I can't find a tool to filter outgoing emails!!!!
    You can see below for more information:
    forums.cpanel.net/showthread.php?t=34195
    I hope it can help you!!!

  13. #13
    Hi guys,
    I think my server is sending spam.
    Two nights ago, I got back about 50 bounced emails to my sales account.
    I disabled the account and changed all passwords, but this morning I got a notice that an email has been sitting in the queue for over 4 hours from the same account.
    That message is one of the spam emails that was being sent the night before.
    I'm the only one with access to this account and know that this is not something that I had sent.
    I'm on a managed server but the support team was unable to find anything.
    Can anyone help or give some advice?

    My main concern is that there may be a script installed somewhere that's sending these, as the 1st night it appeared that all were sent around 12am.
    I've run Rkhunter & chkrootkit but they have not found anything.

    All accounts are very low traffic & people whom I know.

    Thanx
    Jeremy

  14. #14
    Same thing happened to me. My /tmp folder has weird files.

    Even after running /scripts/tmp

    now and then there are tar files of paypal and other email listings in the folder...

    Viewed logs and no sign of ssh logins or anything..


    Cardin Nguyen

  15. #15
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,104
    You need to be careful with those files. If you have old versions of phpBB, ask your clients to upgrade to new ones. Also your server needs a Security Audit.
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

  16. #16
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    I have found these types of situations require some digging and checking of various files. The details involved are usually much more than what can be covered in a Forum post, or more than the Tutorial it would take to explain properly.

    If you can look at an eMail in the queue and figure things out from there then that is a good start. One needs to be careful though, as the result will be shutting down a script at the minimum, Suspending or Terminating an account at the maximum.

    And if you don't have rDNS set up for your Hostname and solve the problem quickly, you should be OK and not be placed on Spam lists. Best to fix pretty quickly though, else, if your Server Hostname or IP gets blacklisted, you may find it easier to have another Server set up rather than try to find what Spam lists you're on and how to get off.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  17. #17
    Security Audit

    What's a good place to get a security audit.... Choon provides excellent services but I'd like to see a variety of sources before making as Choon helped me out a lot.

    But I would like to see price differences and quality.

    Cardin

  18. #18
    Join Date
    Feb 2005
    Location
    Minnesota
    Posts
    973
    You need to shut those servers down; 90% of spam comes from servers like this that have been compromised. Once someone has compromised your server you should look at a rebuild; they could have 100 different ways set up to regain entry into your server. A security audit is not going to find them. Security audits are for new builds, to check for holes in security before a server goes live and to maintain security after it goes live; they will not help you rid a server of this sort of thing.

    Do a proper backup of data, inform your clients you will be doing maintenance at such and such time, and if you can afford it replace the server and keep the old one as a backup, or at least keep an image (if the server uses RAID, use that).

    Do a rebuild and double check your security.

    Examine the old system and find out how they got in, or how your system was compromised. Find a fix and implement it on the new server.
    AfterNorth Innovative solutions for tomorrow, today.
    0spam.org AntiSpam for Service Providers
    DotNetInvoice Online Billing Solutions
    Professional Services Since 1996
