stop email from local
Hi all
Got a bit of a strange one. I recently saw something being uploaded to one of my accounts; it's a PHP script that sends out mail via my local server name. The only reason I caught this is because of my firewall, which alerts me of relayed emails that go over 100 within an hour.
1. I already removed any and all FTP accounts, even changed the root pw for that account
2. The file in question, "llm.php", still manages to find its way back
3. I've set a cronjob to delete that file every 1 min, but I don't want this
4. I've tried to grep every log I can find but I can't find the culprit
a. How can I stop sending from my local domain server, or at least make sure it's authenticated and/or allowed to send from the local domain name? I'm running a shared server, btw, that I have root access to and manage.
b. Is there a central log somewhere I haven't seen that records any uploaded files to the different accounts?
I'm running the latest:
cPanel 11.48.1 build 2
Apache 2.2 - recommended by cPanel
PHP 5.4 - recommended by cPanel
Thanks a bunch, really need a solution to this as that script managed to send out nearly 5000 emails... of crap, and I'm now trying to remove myself from the outlook.com blacklist.
-
Hello :) For PHP scripts, you could add "mail" to the disable_functions line in your PHP configuration file. The following document may also be helpful: How To Prevent Email Abuse. Thank you.
-
Hi, I don't want to add MAIL to PHP; there are a lot of other legit sites that need it. I just want to stop a PHP script from sending from my local server name, e.g. x@localserver.co.za, where x is the name of the account that has the PHP script loaded. I want them to send from x@x.co.za, forcibly...
-
Hello, The default behavior of Exim is to use the cPanel username and hostname of the server to construct the envelope-sender address. If you can configure the mailer to use SMTP and authenticate with SMTP AUTH, this will set the correct "Return-Path" in the headers. There are no options to circumvent this unless you prevent users from sending out via PHP. You can add an individual php.ini to the account (assuming you are using suPHP) to ensure that only this account is blocked from sending out email through PHP, and that other accounts on your server are still permitted to do so. Thank you.
-
1. Hmm, what if, like the offending script, they delete the php.ini and continue to send mail out?
2. Inside the php.ini, I just put in exclude mail, or do I have to have a complete php.ini?
3. Where do I put the php.ini: /home/public_html, or just /home?
Thanks for the help.
-
1. This topic is discussed here: Methods to Increase Security on suPHP - Restricting who can use php.ini files
2. I suggest making a copy of /usr/local/lib/php.ini and then adding "mail" to the disable_functions list within the copied file.
3. This is answered here: Where to place account php.ini file
Thank you.
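
Because Exim builds the envelope sender from the cPanel username and the server hostname, as the replies above describe, the account hosting a mailing script can be picked out of the Exim main log. The Python below is an added example, not part of the original thread or of cPanel's tooling; it assumes Exim's default arrival-line layout (`<= sender ... U=user P=local`), reuses the 100-per-hour threshold from the question, and runs on constructed hostnames, users and log lines.

```python
import re
from collections import Counter

# Arrival line in Exim's main log (assumed default layout):
# "<date> <time> <msg-id> <= <envelope-sender> ... U=<user> P=local ..."
ARRIVAL = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ <= "
    r"(?P<sender>\S+) .*?\bU=(?P<user>\S+) .*?\bP=local\b"
)

def local_senders_over_limit(lines, hostname, limit=100):
    """Return {(user, 'YYYY-MM-DD HH'): count} for locally submitted mail whose
    envelope sender is <user>@<server hostname> and whose hourly count exceeds limit."""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries, SMTP-authenticated arrivals, other log noise
        local_part, _, domain = m["sender"].rpartition("@")
        if domain.lower() != hostname.lower() or local_part != m["user"]:
            continue  # sender is not the default user@hostname address
        counts[(m["user"], f"{m['day']} {m['hour']}")] += 1
    return {key: n for key, n in counts.items() if n > limit}

def sample_log():
    """Constructed log lines, not taken from a real server."""
    host = "server.example.co.za"
    # 120 local submissions from account "bob" within one hour
    lines = [f"2015-03-02 10:{i % 60:02d}:00 1AAAAA-{i:06d}-AA <= bob@{host} "
             f"U=bob P=local S=2048" for i in range(120)]
    # a handful of local submissions from account "alice" (below the limit)
    lines += [f"2015-03-02 10:05:0{i} 1BBBBB-{i:06d}-BB <= alice@{host} "
              f"U=alice P=local S=900" for i in range(3)]
    # SMTP AUTH arrivals: not local submissions, so they are ignored
    lines += [f"2015-03-02 10:06:00 1CCCCC-{i:06d}-CC <= info@bob.example "
              f"H=client [192.0.2.10] P=esmtpa A=dovecot_login:info@bob.example S=1500"
              for i in range(150)]
    return host, lines

if __name__ == "__main__":
    host, lines = sample_log()
    for (user, hour), n in sorted(local_senders_over_limit(lines, host).items()):
        print(f"{user}: {n} local messages as {user}@{host} during {hour}:00")
```

On a real server, pass the open main log file as `lines` and the server's own hostname as `hostname`.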