I have spam originating from my server and I'm unable to stop it unfortunately. I've check and logged the web and scripts and its not any kind of script.
STMP is used for the spam. I'm unable to find the user of the authenticated mail account if it exist. Or maybe qmail is hacked ???
Qmail-scanner, clamav and greylisting is installed in the server.
How can I trace the source ???
Plesk is 8.0.1.
Here is a log:
Received: (qmail 3849 invoked by uid 10172); 27 Jan 2008 14:49:19 +0200
Received: from 59.35.2.67 by myserver.com (envelope-from < mprt@myserver.com> , uid 2020) with qmail-scanner-2.01st
(clamdscan: 0.88.3/5565. perlscan: 2.01st.
Clear:RC:0(59.35.2.67):.
Processed in 0.065468 secs); 27 Jan 2008 12:49:19 -0000
Received: from 67.2.35.59.broad.st.gd.dynamic.163data.com.cn (HELO yjrq) (59.35.2.67)
by myserver.com with SMTP; 27 Jan 2008 14:49:18 +0200
Message-ID: < 001344848114$43158547$32368861@yjrq>
From: =?big5?B?uvS49KbmvlCkQKfiuG4=?= < mprt@myserver.com>
Full Version: spam problem....
You sure it is going out of your server and not just listing your email address as the return address?
You may want to try this script for detecting nobody processes running. It found a few scripts, on my server, that clients got into their site due to insecure scripts (gallery and avatar uploading enabled). I have a client trying to run an IRC bot on his site and this detects when he uploads it and automatically deletes it.
http://www.webhostgear.com/index.php?art/id:353
You may want to try this script for detecting nobody processes running. It found a few scripts, on my server, that clients got into their site due to insecure scripts (gallery and avatar uploading enabled). I have a client trying to run an IRC bot on his site and this detects when he uploads it and automatically deletes it.
http://www.webhostgear.com/index.php?art/id:353
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.