Sending SPAM e-mails
Hi,
I have a server with Linux/cPanel, which hosts about 55 clients (sites, e-mails, etc.). Because of vulnerabilities of these clients, some people are sending SPAM without using any e-mail account from the mail server. By the way, our mail server is Exim. I would like to know how I could block this type of e-mail sending on the server?
Hey, it would probably have to do with invalid scripts in any of your domains which are causing this. You might want to check which domain the script is coming from. A one-liner which would help you (try this command via SSH and see if you can locate the scripts):

    awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

Thank you
Hello :) In addition to the previous reply, you may also find the following document helpful: Prevent Email Abuse. Thank you.
That was the answer:

    [13:13:09 root@default ~]# awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
          1 cwd=/home/postonb
          1 cwd=/home/servidores/public_html/wp-admin
          1 cwd=/home/shopping/public_html
          1 cwd=/home/wbxservicos/public_html
          1 cwd=/home/zzagcom/public_html
          2 cwd=/home/andreiab/public_html
          2 cwd=/home/andreiab/public_html/wp-admin
          4 cwd=/home/auditiva/public_html
          4 cwd=/home/revended
          4 cwd=/home/tagboxco
          4 cwd=/home/zzagcom
          5 cwd=/home/servidores/public_html
          6 cwd=/home/i9buscom/public_html
          6 cwd=/home/marmocom/public_html
          7 cwd=/home/balisunc/public_html/wp-admin
         13 cwd=/home/panorami
         20 cwd=/home/bwwlogcom/public_html
         33 cwd=/home/agencia110/public_html/projeto/preambulo
         44 cwd=/home/agencia110/public_html/projeto/idealsoft/ws
         70 cwd=/home/balisunc/public_html
        317 cwd=/home/webeerap
        364 cwd=/home/jujordao/public_html/wp-content/plugins/types/embedded/onthego-resources/onthegosystems-icons/css

I would like to know what this result means?
The number on the left is the number of entries for that directory in /var/log/exim_mainlog, indicating the script in that directory is sending email. Check the directories with high sending numbers to ensure legitimate mail is coming from them. Thank you.
Hey, you might check that the scripts in '/home/jujordao/public_html/wp-content/plugins/types/embedded/onthego-resources/onthegosystems-icons/css' are safe ones. Vulnerable WP plugins have been causing these sorta issues for a loooong time!
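The per-directory count from this thread, rolled up per account so that all subdirectories of one site are totalled together, with each account's busiest directory shown beside the total. This is an added example, not code from any reply in the thread; the function names and the sample log lines are constructed, and it assumes the `DATE TIME cwd=/home/USER/...` line layout that the one-liner above relies on.

```sh
#!/bin/sh
# Summarise script-originated mail per account from Exim "cwd=" log lines.
# Assumed line layout (field 3 is the working directory):
#   DATE TIME cwd=/home/USER/... N args: /usr/sbin/sendmail ...

# cwd_by_account [LOGFILE...]  (reads stdin when no file is given)
# Prints "TOTAL USER BUSIEST_DIR BUSIEST_COUNT", highest total first.
cwd_by_account() {
    awk '
        $3 ~ /^cwd=\/home\// {
            dir = substr($3, 5)            # drop the "cwd=" prefix
            split(dir, parts, "/")         # "", "home", USER, ...
            user = parts[3]
            total[user]++
            n = ++perdir[user SUBSEP dir]
            if (n > top_n[user]) { top_n[user] = n; top_dir[user] = dir }
        }
        END {
            for (u in total)
                printf "%d %s %s %d\n", total[u], u, top_dir[u], top_n[u]
        }
    ' "$@" | sort -k1,1nr -k2,2
}

# accounts_over THRESHOLD [LOGFILE...]
# Prints the accounts whose total is at or above THRESHOLD, for manual review.
accounts_over() {
    threshold=$1
    shift
    cwd_by_account "$@" | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Constructed sample lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
2024-01-01 10:00:01 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2024-01-01 10:00:02 cwd=/home/alice/public_html/wp-content/plugins/x/css 3 args: /usr/sbin/sendmail -t -i
2024-01-01 10:00:03 cwd=/home/alice/public_html/wp-content/plugins/x/css 3 args: /usr/sbin/sendmail -t -i
2024-01-01 10:00:04 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2024-01-01 10:00:05 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-01-01 10:00:06 1abcde-000001-AB <= alice@example.com U=alice P=local S=512
EOF
}

sample_log | cwd_by_account
```

On a live server the same functions take the log path directly, for example `cwd_by_account /var/log/exim_mainlog`.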