Full Version: Spammer
The Planet Forums > Control Panels > cPanel/WHM
solokron
I did a backup of the hosting account domain recently and noticed the extreme size of the backup file. Upon investigating I found the mail directory to be extremely large. I went into the account and removed the files. Upon removal, I checked my mail for that account to find 6159 e-mails waiting. To my shock they were all Mail Delivery Undeliverable e-mails.

Spammer.


We have already removed all formmails in the past from the system so I know they are not going through this. I also have mail watch installed. No open relays.

Mails are also presently limited to 100 per hour.


The addresses appear to be random names, etc., @mydomain.com


We have a firewall installed etc.


Along with the

"Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)"

feature, what additional prevention can be taken?
solokron
Reviewing the e-mails they appear to be from a Russian individual advertising....


http://dj.km.ru/
solokron
I found a few e-mails with the original e-mail attached. Spamcop.com'd the headers and found....


REPORT SPAM TO: POSTMASTER@KORNET.NET;ABUSE@KORNET.NET;SUPPORT@KORNET.NET;SPAMRELAY@CERTCC.OR.KR (61.74.67.158)


So it appears they are simply using our hosting domain as a return address. How lame. :)
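What SpamCop did for solokron by hand can be done for a whole pile of bounces at once: open each non-delivery report, pull out the original message it carries, and check the Received chain of that original. If no hop was stamped "by" our own MTA, the message never went through this server and our domain was only forged as the return address (backscatter); if a hop reads "from nobody by mail.mydomain.com with local", a local script really did send it. The script below is an added example for this thread, not code from the forum, cPanel or SpamCop; it assumes the hosting domain is mydomain.com and that our MTA signs Received headers as mail.mydomain.com, and the two bounces in the sample mbox are constructed.

```python
"""Triage bounces: did the bounced message really leave this server, or was
our domain merely forged as the sender?

Added example, not code from the thread or from cPanel.  Assumptions: our
hosting domain is mydomain.com and our MTA stamps "by mail.mydomain.com" in
Received headers.  SAMPLE_MBOX is a constructed sample, not real mail.
"""
import email
import re
from email import policy
from email.utils import parseaddr

OUR_DOMAIN = "mydomain.com"            # assumed hosting domain
OUR_MTA_HOSTS = {"mail.mydomain.com"}  # assumed hostname our MTA writes after "by"

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample: bounce 1 is backscatter (sender forged, never touched our
# MTA); bounce 2 is for mail a local script really sent as user 'nobody'.
SAMPLE_MBOX = """From MAILER-DAEMON Mon Jan 01 00:00:00 2007
From: Mail Delivery System <MAILER-DAEMON@example.net>
To: qzvx1234@mydomain.com
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain

This message was created automatically by mail delivery software.
--B1
Content-Type: message/rfc822

Received: from unknown (HELO dj.km.ru) (61.74.67.158)
  by mx.example.net with SMTP; Mon, 01 Jan 2007 00:00:00 +0000
From: qzvx1234@mydomain.com
To: victim@example.net
Subject: buy now

spam body
--B1--

From MAILER-DAEMON Mon Jan 01 00:01:00 2007
From: Mail Delivery System <MAILER-DAEMON@example.net>
To: nobody@mydomain.com
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B2"

--B2
Content-Type: text/plain

This message was created automatically by mail delivery software.
--B2
Content-Type: message/rfc822

Received: from mail.mydomain.com (mail.mydomain.com [203.0.113.5])
  by mx.example.net with ESMTP; Mon, 01 Jan 2007 00:01:00 +0000
Received: from nobody by mail.mydomain.com with local (Exim 4.63)
  id 1AbCdE-000001-AA; Mon, 01 Jan 2007 00:00:59 +0000
From: nobody@mydomain.com
To: someone@example.net
Subject: form submission

body from a web script
--B2--
"""


def split_mbox(text):
    """Split mbox text into raw messages on the 'From ' separator lines."""
    return [m for m in re.split(r"^From .*\n", text, flags=re.M) if m.strip()]


def embedded_original(bounce):
    """Return the original message a DSN carries (full copy or headers only)."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None


def relay_host(received):
    """Host that stamped this Received header ('by <host>')."""
    m = re.search(r"\bby\s+([\w.-]+)", received)
    return m.group(1).lower() if m else None


def origin_of(received):
    """Who handed the message to this relay ('from <host>') plus any IP in the line."""
    host = re.match(r"\s*from\s+(\S+)", received)
    ip = IPV4.search(received)
    return {"host": host.group(1) if host else None, "ip": ip.group(1) if ip else None}


def classify(bounce):
    """Label one bounce as backscatter, local-origin, or no-original."""
    orig = embedded_original(bounce)
    if orig is None:
        return {"verdict": "no-original", "sender": None, "origin": None, "via_our_mta": False}
    received = orig.get_all("Received", [])  # topmost first; last entry is the earliest hop
    via_our_mta = any(relay_host(r) in OUR_MTA_HOSTS for r in received)
    sender = parseaddr(orig.get("Return-Path") or orig.get("From") or "")[1]
    origin = origin_of(received[-1]) if received else None
    verdict = "local-origin" if via_our_mta else "backscatter"
    return {"verdict": verdict, "sender": sender, "origin": origin, "via_our_mta": via_our_mta}


def analyze_mbox(text):
    """Classify every bounce in an mbox string."""
    return [classify(email.message_from_string(raw, policy=policy.default))
            for raw in split_mbox(text)]


def summarize(text):
    """Counts per verdict plus the forged local parts and originating IPs."""
    counts = {"backscatter": 0, "local-origin": 0, "no-original": 0}
    forged, ips = set(), set()
    for r in analyze_mbox(text):
        counts[r["verdict"]] += 1
        if r["verdict"] == "backscatter":
            if r["sender"].endswith("@" + OUR_DOMAIN):
                forged.add(r["sender"].split("@")[0])   # the random local parts
            if r["origin"] and r["origin"]["ip"]:
                ips.add(r["origin"]["ip"])               # where the spam really came from
    counts["forged_local_parts"] = sorted(forged)
    counts["origin_ips"] = sorted(ips)
    return counts


if __name__ == "__main__":
    for r in analyze_mbox(SAMPLE_MBOX):
        print(r["verdict"], r["sender"], r["origin"])
    print(summarize(SAMPLE_MBOX))
```

Two caveats when using this on a real mailbox. First, every Received line in the embedded original below the one added by the remote MX was written by whoever injected the message, so a spammer can forge a "by mail.mydomain.com" hop; treat "local-origin" as a lead and confirm it by looking up the queue id in the server's own mail log. Second, cPanel accounts usually keep mail in Maildir rather than mbox, so feed each file to `email.message_from_file(f, policy=policy.default)` and `classify()` instead of using `split_mbox`.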
aussie
QUOTE
Originally posted by solokron
I did a backup of the hosting account domain recently and noticed the extreme size of the backup file. [...] what additional prevention can be taken?

Do not check the option, "Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)" unless you are running phpsuexec, and I gather you're not.

Anybody can install a version of formmail in cgi-bin, rename it and you would never know it was a formmail script that was being run. Also, did you disable formmail in /cpanel/cgi-sys/?
solokron
I understand that.

Of course they can.

Of course it is.

QUOTE
Originally posted by aussie
Do not check the option, "Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)" unless you are running phpsuexec, and I gather you're not.

Anybody can install a version of formmail in cgi-bin, rename it and you would never know it was a formmail script that was being run. Also, did you disable formmail in /cpanel/cgi-sys/?
oanielsen
A lot of times they are bounce-backs from autoresponders that you may have running, i.e., your autoresponder got spammed from an invalid address.
Invision Power Board © 2001-2009 Invision Power Services, Inc.