  1. #1
    Join Date
    Nov 2002

    Need urgent help dealing with a spammer

    Hello everyone,

    I really need some help from you guys dealing with a spammer who has been sending out mass spams through our server.

    Below is a copy of the mail which is being sent by the thousands:

    ------ This is a copy of the message, including all the headers. ------

    Received: from nobody by *ourservername* with local (Exim 4.50)
    id 1DJpKW-0006M2-4w
    for [email protected]; Fri, 08 Apr 2005 01:59:08 -0700
    To: [email protected]
    Subject: Assalamu Alaikkum
    From: Prince Hammed .F. Bolkiah
    Reply-To: [email protected]
    MIME-Version: 1.0
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit
    Date: Fri, 08 Apr 2005 01:59:08 -0700


    Assalamu Alaikkum

    I am contacting you for an Urgent Business Transaction and further explicit investment information about your country.

    I need you to read this email message carefully because it is very imperative.

    I am Prince Hammed .F. Bolkiah, the eldest son of Prince Jefri Bolkiah who was the former Finance Minister of Brunei, located in the northwest of the island of
    Borneo. Brunei Darussalam is a small country governed according to Islamic values and traditions by HisMajesty Sultan Haji Hassanal Bolkiah Mu?izzaddin
    Waddaulah.The country?s official name is Negara Brunei Darussalam ("abode of peace"). It is a member of APEC,ASEAN, BIMP-EAGA, and the Organisation of Islamic States as well as the United Nations and the

    I will save your time by not amplifying my extended Royal Family history which has already been disseminated by the international media during the
    controversial dispute that erupted between my father and his stepbrother, the sultan of Brunei Sheik Muda Hassanal Bolkiah.As you may know from the international media, the sultan had accused my father of financial
    mismanagement and impropriety of US$14.8 Billion.This was as a result of the Asian financial crisis that made my father company Amedeo Development Company and government owned Brunei Investment Agency to be declared bankrupt during his tenure in office.Prince Jefri was relieved of his post as Finance Minister of Brunei and was stripped of his chairmanship post as head of the nation's
    international investment arm, the Brunei Investment Agency in February 1998. The Agency controls 13 companies & Brunei's overseas assets.In July 1998 the Sultan barred trading by Amedeo when the world's biggest corporate debt of US$14 Billion came to light.

    In September the 1998, the Sultan ordered an investigation of the BIA by accountants KPMG after the Brunei government alleged that "large sums of money" had been misappropriated to companies controlled by Prince Jefri.The Sultan then asked the Bank of England to help track down an alleged L28 Billion of state and family funds said to be "missing". On the 02/10/1998 Prince Jefri Bolkiah flew from London in a private jet and was going to settle matters directly with Sultan Hassanal Bolkiah.Prince Jefri drove straight to his seaside palace at Jerudong, about 10 miles south of the capital, Bandar Seri Begawan. He was due to meet with officials of the Amedeo Development Corporation and visit the sultan. Relations between the Royals appeared to deteriorate quickly. However, my father was kept under house arrest, his bank accounts and private properties including a crude oil export refinery & the sultan also strip my father of control over three large oil wells which were later confiscated by the sultanate.

    Furthermore, during this unfortunate period i was advised to evacuate my immediate family outside the sultanate to avoid further prosecution from the sultan and his security operatives, but before I could do that I was placed under house arrest by the Sultan. I have a Palm V hand-held computer from which I am sending you this mail. Before my arrest, I went ahead to dispatch the sum of US$500 Million in cash under special arrangement into the custody of different Private security and Trustee companies for safe keeping abroad.

    The money where splitted and kept in the following countries in this proportion: US$45 Million is in England, US$40 Million is in Spain, US$40 Million is in Saudi Arabia, US$32 Million is in United Arab Emirate, US$60 Million is in Malaysia.$35million is in Canada, and $48million is in Holland, while the balance of $200million is in Libya.

    I am unable to reach my friends & associates whom would have provided all the much needed moral and financial assistance i require because my diary have
    being siezed by my uncle Sheik Muda Hassanal Bolkiah who is also the Sultan of Brunei.

    Hence, I seek your good assistance to receive and invest these funds into profitable investment in your country to facilitate future survival for my family abroad. I will compensate adequately for your strong cooperation.

    I am counting on your absolute confidentiality and transparency while looking forward to your prompt reply towards a swift conclusion of this business

    May Allah's blessing remain with you & guide on the straight path, Amin.

    Wassalam & Best regards,
    Prince Hammed .F. Bolkiah
    Brunei Darussalam.

    I have gone through all my users and made sure files ** or cgi** is not running on any of the sites.

    I also made sure that the formmail.cgi on the server is up to date.

    It looks like if I disable **nobody sending mail** in WHM, the spams will stop but disabling this feature permanently is not an option as a lot of scripts used by my users need this enabled for their scripts to send out mail.

    Any advice from you all will be greatly appreciated as I do not know what else I can do to stop this.


  2. #2
    Join Date
    Jan 2004
    North Yorkshire, UK

  3. #3
    Join Date
    Nov 2002
    ****Terminate the account and delete everything from the mail queue.
    What panel are you running?****

    Thanks for the reply.

    I am using cpanel and what account to delete???

    It does not tell me what account the spams are being sent out.

  4. #4
    Join Date
    Jan 2005
    Birmingham, Alabama, United States
    I would maybe recommend contacting a professional server administration company. They will be able to provide you with the best assistance in such a situation as this one. Best of luck!
    JB Cowan
    Rack Masters
    Systems Administrator And Owner

  5. #5
    Join Date
    Apr 2003
    San Jose, CA.
    Well... if it's being sent out through some type of html form or cgi script... then you'd likely have some sort of correlatable web log entry to the times the messages are going out through your mailserver.

    Compare outgoing mailserver logs to httpd logs.
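
The log comparison suggested in post #5, as an added example that is not part of the original thread: it pulls the arrival times of messages queued locally by `nobody` from the Exim main log and counts which vhost and script were requested in the seconds just before each one. The sample lines, host names and the 3-second window are constructed assumptions, and both logs are assumed to use the server's local time.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Exim main-log arrival line for a locally submitted message (P=local).
EXIM_LOCAL = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+ .*\bU=(\S+) P=local\b")
# Apache common/combined access-log prefix; the UTC offset is dropped.
ACCESS = re.compile(r'^\S+ \S+ \S+ \[([^\] ]+)[^\]]*\] "(\S+) (\S+)[^"]*" \d{3}')
# Constructed sample data; only the first message id comes from the post.
EXIM_SAMPLE = [
    "2005-04-08 01:59:08 1DJpKW-0006M2-4w <= nobody@host.example U=nobody P=local S=4312",
    "2005-04-08 01:59:10 1DJpKY-0006M9-7x <= nobody@host.example U=nobody P=local S=4309",
    "2005-04-08 02:03:41 1DJpOv-0006Qa-2b <= alice@site-a.example U=alice P=local S=901",
]
ACCESS_SAMPLE = {  # vhost -> lines of that vhost's access log
    "site-a.example": [
        '198.51.100.4 - - [08/Apr/2005:01:59:06 -0700] "GET /index.html HTTP/1.1" 200 2048'],
    "site-b.example": [
        '203.0.113.7 - - [08/Apr/2005:01:59:07 -0700] "POST /cgi-bin/contact.pl HTTP/1.0" 200 310',
        '203.0.113.7 - - [08/Apr/2005:01:59:09 -0700] "POST /cgi-bin/contact.pl HTTP/1.0" 200 310'],
}

def local_submissions(exim_lines, user="nobody"):
    """Arrival times of messages queued locally by `user`."""
    found = (EXIM_LOCAL.match(line) for line in exim_lines)
    return [datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            for m in found if m and m.group(2) == user]

def web_requests(access_logs):
    """Yield (time, vhost, method, path) for every parsable access-log line."""
    for vhost, lines in access_logs.items():
        for line in lines:
            m = ACCESS.match(line)
            if m:
                ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")
                yield ts, vhost, m.group(2), m.group(3).split("?")[0]

def correlate(mail_times, requests, window=3):
    """Count requests logged at most `window` seconds before each mail."""
    hits = Counter()
    for ts, vhost, method, path in requests:
        for sent in mail_times:
            if timedelta(0) <= sent - ts <= timedelta(seconds=window):
                hits[(vhost, method, path)] += 1
    return hits.most_common()

if __name__ == "__main__":
    print(correlate(local_submissions(EXIM_SAMPLE), web_requests(ACCESS_SAMPLE)))
```

Unrelated requests that happen to fall inside the window also score, so the result is a ranking: over thousands of messages the script that queues the mail accumulates far more hits than the rest.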

  6. #6
    How many other people are you sharing this box with..?

  7. #7
    Join Date
    Mar 2004
    Contact Brunei embassy in your country and they will know how to catch him :-)
    I think you have to hire a professional server management as RackMasters5 suggested.

  8. #8
    Join Date
    Jun 2002
    Karachi, Pakistan
    Turn on suexec. That would tell you which user the process is being run under *if* he is using some sort of a web script to send out this mail.
    Discounted Web Hosting in Pakistan By Inspedium Corp.

  9. #9
    Join Date
    Mar 2004
    Turning suexec on doesn't mean breaking some perl scripts!?
