Results 1 to 11 of 11
  1. #1
    Join Date
    Jul 2009
    Posts
    55

    Preventing cPanel users from spamming

    Hello,

    I have a shared hosting server and one of my servers was recently compromised and used to send SPAM therefore it was banned from all major email service providers, including Hotmail, Yahoo! and Gmail.

    Only one of the sites on the server was compromised and darkmailer.pl, dm.cgi, dosja.cgi etc was uploaded and without causing any load or something that can be noticed the sever was banned!

    Could you please tell me how can I prevent this from happening again?

    Thanks.

  2. #2
    Join Date
    May 2008
    Location
    Citrus Heights, CA
    Posts
    1,716
    There should be a setting in WHM that says Tweak Settings. Go there, then go to Mail. You should see a field called "The maximum each domain can send out per hour". Just change the number to what you want the limit to be (0 is unlimited)
    Best Regards,

    Mark

  3. #3
    Just setup Reverse DNS for your server IP. That will help in one manner

  4. #4
    Join Date
    Jul 2009
    Posts
    55
    Hello,

    I had this set to a low number but it didn't stop these scripts from bypassing it.

  5. #5
    Join Date
    May 2008
    Location
    Citrus Heights, CA
    Posts
    1,716
    meh, you would need to tweak it to force people to use smtp to send.
    Best Regards,

    Mark

  6. #6
    Join Date
    Jul 2009
    Posts
    55
    Quote Originally Posted by sysgallery View Post
    Just setup Reverse DNS for your server IP. That will help in one manner
    Does that help to stop the SPAM from being sent or just improve the IP reputation?

  7. #7
    In the WHM Exim Confiratguion editor, you can enable Spamassasin. These help block most spam emails.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  8. #8
    Join Date
    Apr 2007
    Posts
    3,513
    Change the max email per hour, and manually check the email ques and stats when your bored
    Also spamassasin is gooood.
    - Buying up websites, side-projects and companies - PM Me! -

  9. #9
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    19,185
    Quote Originally Posted by inspiron View Post
    In the WHM Exim Confiratguion editor, you can enable Spamassasin. These help block most spam emails.
    Hello,
    I believe he is refering to outgoing, not incomming.

    In all reality, there is no way to completely protect yourself from this, it is one of the problems that hosts commonly and consistantly have to face.
    In my case I have WHM e-mail a special support inbox with an alert when a script that sends e-mails is uploaded. I then have a staff member review it. This equals alot of busy work, but it is less work then getting IP Addresses removed from the smal list.
    Keith I Myers
    KMyers.me The rantings of a lunatic
    Geek Survival Guide - Reviews and Advice for Geeks

  10. #10
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    563
    You may also want to enable the SMTP Tweak in WHM -> Security -> Security Center to prevent folks from bypassing your SMTP server (and thus bypass any limits you set).
    David Grega
    cPanel Technical Product Specialist

  11. #11
    Join Date
    Apr 2002
    Posts
    930
    If you just have cPanel without an iptables firewall, such as Configserver's CSF or RFX's APF, then you need to enable the SMTP Tweak in the WHM. Click on Security Center under Security in the left frame of root's WHM. Then click on SMTP Tweak and enable that.

    If you are using CSF, then you should not enable this in the WHM. Instead enable it through CSF's configuration file. In the file /etc/csf/csf.conf make sure the SMTP_BLOCK option is enabled:

    Code:
    SMTP_BLOCK = "1"
    Restart CSF after you've done this.

    APF probably has a similar feature, but I'm not sure about it's configuration.

    To test this, log into SSH for a regular, non-root account on your server. From the shell prompt type:

    Code:
    telnet mx1.hotmail.com 25
    If you get an SMTP banner, then this SMTP tweak is either not enabled properly or not working.

Similar Threads

  1. preventing users from connecting to other users database
    By beautiful mind in forum Hosting Security and Technology
    Replies: 7
    Last Post: 03-25-2009, 09:50 PM
  2. Preventing "JavaScript disabled users" to send unvalidated forms.
    By BurakUeda in forum Programming Tutorials
    Replies: 2
    Last Post: 01-04-2006, 01:18 PM
  3. HOWTO: Preventing Secondary FTP Users From Deleting Files In A Certain Folder.
    By Joseph_M in forum Hosting Security and Technology Tutorials
    Replies: 2
    Last Post: 03-08-2005, 05:41 AM
  4. preventing spamming using form to email
    By bluebubble in forum Hosting Security and Technology
    Replies: 3
    Last Post: 07-19-2004, 06:06 AM
  5. Is anyone else doing this? (preventing users from reading other users files)
    By BP Steven in forum Hosting Security and Technology
    Replies: 10
    Last Post: 06-11-2003, 06:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •