06-20-2009, 04:34 AM #1Web Hosting Guru
- Join Date
- Nov 2003
Mail proxy: how to stop CGI mail proxies?
During last week, two of our clients' accounts got compromised (most probably due to weak passwords) and there was a CGI script installed which started sending emails to more than 200,000 email accounts. This email addresses were stored in a text file.
By the time we noticed this activity, our server got black listed on major RBLs like Barracuda, SpamCop, Spamhaus etc and it took around 2 days to cleanup
3 days later, another account compromised with same *thing* and it really is pain in the arse now dealing with this and angry clients
We've already implemented a policy to restrict users to send 100 messages/per hour/domain which is working, but it seems this *thing* bypass exim.
I guess this Open Proxy Servers a Source of Spam is what i want to explain!!
So my question is, if I've understood this right, is it possible to stop scripts like this or can we enforce mailman to use exim all the time to send messages and stop direct-mailing?
Your suggestions are highly appreciated."An army of sheep led by a lion would defeat an army of lions led by a sheep"
06-20-2009, 06:26 AM #2Web Hosting Master
- Join Date
- Nov 2004
If you're running cPanel/WHM, you can turn on the WHM feature called "SMTP tweak" which blocks outgoing email on port 25, so these CGI scripts can't run.
Also, you'd do well to install CSF. It has an "SMTP tweak" port 25 blocking mechanism as well. It'll also warn you if it sees lots of emails going out.
It really depends whether the lions were in the mood to listen to the sheep....
Last edited by brianoz; 06-20-2009 at 06:29 AM.
By annuncinetwork in forum Hosting Security and TechnologyReplies: 7Last Post: 03-30-2009, 11:12 AM
By JediKnight2 in forum Hosting Security and TechnologyReplies: 0Last Post: 02-04-2006, 10:53 AM
By cyberstriker in forum Dedicated ServerReplies: 7Last Post: 03-10-2005, 08:58 PM
By UnifiedNet in forum Web HostingReplies: 93Last Post: 10-12-2004, 08:26 PM
By coxy26 in forum Dedicated ServerReplies: 1Last Post: 01-29-2004, 06:26 AM