Results 1 to 18 of 18
  1. #1
    Join Date
    Apr 2007
    Location
    Tamilnadu, India.
    Posts
    24

    how to find & stop spammers from my server

    Dear Friends

    It is a vps server, centos running on it, my exim queue is quite large 82000..

    cpanel server

    someone sending spam emails from my server..

    how to find the spammer??

    Thanks in advance!

    Reg
    praveen
    Last edited by egraphica; 11-20-2009 at 03:40 AM.


  2. #2
    Join Date
    Mar 2009
    Location
    /usr/bin/perl
    Posts
    971
    Is this a cPanel server? If so, adjusting the maximum number of emails a user can send in one hour should be relatively painless.

    I also believe cPanel gives you statistics on such things. If you're not using cPanel you could always audit your logs either manually or with some type of log-parsing script.
    Ask me about CloudCentrum (coming soon) -- The complete, turn-key cloud software solution

  3. #3
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,930
    Assuming you're running cPanel/WHM:
    WHM > Email > View Mail Statistics > Top 50 local senders by message count

    If not:
    /var/log/exim_mainlog
    Last edited by ZKuJoe; 11-20-2009 at 03:46 AM.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  4. #4
    Join Date
    Apr 2007
    Location
    Tamilnadu, India.
    Posts
    24
    Hi e-Sensibility

    yes it is cpanel sever, now the email per hour limit is 1000, want to increase this?


  5. #5
    Join Date
    Apr 2007
    Location
    Tamilnadu, India.
    Posts
    24

  6. #6
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    Now you are posting user information on a public forum. Maybe you don't care if you divulge spammer info - I can almost understand that. But given your lack of knowledge, you might end up implicating innocent people too. What if the user noted above is a legitimate user? Regardless, do you think people will be keen to use your service when they discover you post potentially private information on a widely read forum?
    Last edited by Christian; 11-20-2009 at 11:26 PM.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  7. #7
    Join Date
    May 2008
    Location
    Citrus Heights, CA
    Posts
    1,716

  8. #8
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,930
    Quote Originally Posted by mwatkins View Post
    Now you are posting user information on a public forum. Maybe you don't care if you divulge spammer info - I can almost understand that. But given your lack of knowledge, you might end up implicating innocent people too. What if the user noted above is a legitimate user? Regardless, do you think people will be keen to use your service when they discover you post potentially private information on a widely read forum?
    I agree 100%. It's sad that people like this have so little value of other people that they treat other people's potential livelyhood like a game.
    Last edited by Christian; 11-20-2009 at 11:26 PM.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  9. #9
    Join Date
    Nov 2009
    Location
    Nasik,India
    Posts
    252
    Hi,

    For this first u have to clear all ur pending mails by
    for count how many mails in que
    exim -bpc

    and if u want to see all details regarding which mails are in que then give
    exim -bp

    first delete all forgen mail by using following command

    /usr/sbin/exim -bp | awk '$6~"frozen" { print $3 }' | xargs /usr/sbin/exim -Mrm


    Enjoy.....

  10. #10
    Join Date
    Apr 2007
    Location
    Tamilnadu, India.
    Posts
    24
    dear mwatkins

    that is spammer email id, not my customer id
    also im a vps owner, not a admin, already raised a ticked to vps vendor

    just a curiosity about to know other people suggestions on this issue..


  11. #11
    Check the mail queue options. If you will find the bunch of email waiting to be sent, because it might be sent to wrong address or if the address might does not exist. Also checking the maillog you can trace the spammer
    Also use the EXIM/WHM tool use to manage the mail stats link. This will tell you that who is sending the most mail.
    Shared Hosting | Reseller Hosting | VPS Hosting | Dedicated Servers
    KeserHosting.Com

  12. #12
    Join Date
    Jan 2002
    Location
    Home, chair
    Posts
    723
    Also recompile your apache+php and in php options choose "Mail headers", that will show the php script in the email headers that sends spam if that is what spammers use. So when someone reports spam to you, ask them to forward to you the spam email with full headers and you catch the culprit.

  13. #13
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    Quote Originally Posted by egraphica View Post
    that is spammer email id, not my customer id
    also im a vps owner, not a admin, already raised a ticked to vps vendor
    My comments stand.

    In particular whether your "server" is real or virtual, you carry more of the responsibility for its proper operation than say if you were a reseller of shared hosting.

    You acknowledge that you have "customers". If you offer a service for a fee, do you not think that you should know how to properly operate and manage that service which you purport to offer?

    I doubt your service advertises itself as "You can buy from us with confidence as our service is run by people who know less than you do!" Indeed the link attached to your id suggests that you folks have years of experience and are able to step up to any challenge, yet here you are with a fairly basic and routine or commonplace challenge and are stumped.

    Not only are you stumped but you haven't even the vaguest notion of how to proceed. Not good!
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  14. #14
    Join Date
    Apr 2007
    Location
    Tamilnadu, India.
    Posts
    24
    My comments stand.

    In particular whether your "server" is real or virtual, you carry more of the responsibility for its proper operation than say if you were a reseller of shared hosting.

    You acknowledge that you have "customers". If you offer a service for a fee, do you not think that you should know how to properly operate and manage that service which you purport to offer?

    I doubt your service advertises itself as "You can buy from us with confidence as our service is run by people who know less than you do!" Indeed the link attached to your id suggests that you folks have years of experience and are able to step up to any challenge, yet here you are with a fairly basic and routine or commonplace challenge and are stumped.

    Not only are you stumped but you haven't even the vaguest notion of how to proceed. Not good!
    asking for solution, if you know you can talk, otherwise please keep quite & exit from this thread, i don't need your advise about my business..


  15. #15
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    I shall say this as politely as I am able to.

    I felt I gave good advice earlier, as I certainly was not being flippant when I advice that you ought to close down your business. That was serious, well-intended, advice, whether you are happy to hear it or not. I would (and occasionally have) said the same to many in your situation because sadly there are far too many providers out there whose technical abilities are insufficient to meet the needs of a hosting service provider.

    Carrying on business without experienced in-house talent or an on-going contract for hired specialists means you are opening yourself -- and especially your clients -- to business risks beyond your ability to cope.

    What risks? This could be anything from having your server shut off by your upstream provider -- a very real possibility since you aren't able to properly secure and manage the virtual server and the applications running upon it -- to having it compromised / infected / data stolen or destroyed / used to compromise other machines / etc. In many of these cases your clients will feel a financial impact that they may wish to go after you for compensation.

    If you sell a service based on a clearly stated set of service level and experience level expectations, but do not have a hope in being able to live up to those expectations *you* set, is to carry on a fraudulent enterprise.

    If a client were to experience losses, they stand a good chance at being able to prove that you have been wilfully negligent in any lawsuit which may arise in the future.

    Regarding the issue itself, have you:

    - looked at some of the offending spam and checked the mail headers to see if it is possible they originated wholly from your machine (a local user)?
    - ascertained whether your machine is acting as an open relay?
    - identified any application(s) allowing unauthorized mail sending, and,
    - taken the advice above about adding email headers to help track the source?

    Finally, what does your provider say? They (or you) appear to be a WiredTree client, and WiredTree is known for support. If your relationship is not directly with Wiredtree, it is unlikely that they will step in to support your provider to support you. In any case it really is in your lap if your clients and/or the applications that they run are the root cause of this spam attack.

    If I were you I would take immediate steps to avoid any future charges of negligence, and those steps should not be limited to waiting for free advice here.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  16. #16
    Join Date
    Apr 2007
    Location
    Tamilnadu, India.
    Posts
    24
    Sorry mwatkins

    i got your point & i accept your suggestions..

    i outsourced this issue to a talented server admin team.. they will fix it soon..

    thanks


  17. #17
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    Excellent news. Good luck!
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  18. #18
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Good on you for listening to mwatkin's excellent advice; he knows what he's talking about.

    A useful tip if you're using cpanel is to reduce the amount of outgoing email per hour to something small like 150 or 200 per hour. Then for specific users needing more, you can increase it with /var/cpanel/maxemails.

Similar Threads

  1. How to stop spammers?
    By Jack Skelton in forum Hosting Security and Technology
    Replies: 9
    Last Post: 07-01-2008, 01:15 AM
  2. How to stop spammers - help?
    By Zaggs in forum Hosting Security and Technology
    Replies: 5
    Last Post: 05-01-2007, 10:01 AM
  3. How to stop spammers!!!
    By captainmk in forum Hosting Security and Technology
    Replies: 4
    Last Post: 09-21-2006, 10:08 AM
  4. How to stop these spammers?
    By lanas in forum Domain Names
    Replies: 8
    Last Post: 11-10-2005, 11:26 PM
  5. How to stop spammers
    By Crypto in forum Web Hosting
    Replies: 6
    Last Post: 09-04-2002, 03:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •