Web Hosting Forum | Lunarpages
Topic: Someone is using my server to send spam - Please Help!
aiko
« on: December 28, 2007, 01:54:17 PM »

Hi,

Someone is using my server to send spam. How can I find where the problem comes from using PuTTY?

How can I find the page used to send spam?

Thanks in advance for your help.

Aiko
perestrelka
Administrator
« Reply #1 on: December 29, 2007, 04:37:19 AM »

Hi,

First of all, some additional info is required to give you some advice. First of all, is there any control panel installed on your server? The first thing I would do in such a situation is check the mail server logs to get an idea of how emails are being sent, and disable all scripts with forms which can send emails on the server.

Kind Regards,
Vlad Artamonov
aiko
« Reply #2 on: January 03, 2008, 04:02:56 AM »

Hi :)

Thanks for your reply.

I'm on a dedicated server. I use Webmin.

How can I check the mail server logs?

Aiko
« Last Edit: January 05, 2008, 09:01:29 AM by aiko »
perestrelka
Administrator
« Reply #3 on: January 09, 2008, 07:39:41 AM »

Hi Aiko,

Do you know which mail server is installed on your server? The first thing to check would be /var/log/maillog.

Kind Regards,
Vlad Artamonov
aiko
« Reply #4 on: January 13, 2008, 09:46:17 AM »

Sendmail Mail Server is installed on my server. QMail Mail Server is not installed. Postfix Mail Server is not installed.

When I use this command:
Code:
tail -f /var/log/maillog
and Sendmail is stopped,

Here is what I see:
Jan 13 10:36:54 server sendmail[19180]: m0DIam73019180: to="=?UTF-8?B?TXIuVm9vcmhlZXM=?=" <gates82@gmx.de>, ctladdr=nobody (99/99), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31410, relay=[127.0.0.1] [127.x.x.x], dsn=4.0.0, stat=Deferred: Connection refused by [127.x.x.x]
...
...
...
...
...


+ the hacker can write/delete files on my server.

Please help!

Aiko

« Last Edit: January 13, 2008, 09:56:44 AM by aiko »
perestrelka
Administrator
« Reply #5 on: January 16, 2008, 09:33:37 PM »

Hi,

More than likely you have a script on your server that allows commands to be executed or emails to be sent without any authentication or through a vulnerability on one of the sites hosted on the server. I would recommend going through all the accounts, updating the scripts you use to the latest versions, and removing the scripts you do not use as well as the files you didn't upload.

Kind Regards,
Vlad Artamonov
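
An added example, not part of the original thread: a shell script that groups sendmail log lines of the kind quoted in Reply #4 by their ctladdr field (the local account that submitted the message), showing which account is generating the mail and when it started. The sample log lines, queue IDs, recipients and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: group sendmail maillog entries by submitting account.

# Constructed sample in the format of the log line quoted in the thread
# (queue IDs and example.com recipients are made up).
sample_log() {
cat <<'EOF'
Jan 13 10:36:54 server sendmail[19180]: m0DIam73019180: to=<a@example.com>, ctladdr=nobody (99/99), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 13 10:36:55 server sendmail[19184]: m0DIan73019184: to=<b@example.com>, ctladdr=nobody (99/99), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 13 10:37:02 server sendmail[19190]: m0DIb273019190: to=<c@example.com>, ctladdr=nobody (99/99), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 13 10:40:11 server sendmail[19301]: m0DIeB73019301: to=<admin@example.com>, ctladdr=root (0/0), delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
EOF
}

# Per ctladdr, print "<count> <account> first=<timestamp> last=<timestamp>",
# busiest account first. Reads log lines on stdin.
ctladdr_summary() {
    awk '
    match($0, /ctladdr=[^ ,]+/) {
        who = substr($0, RSTART + 8, RLENGTH - 8)   # text after "ctladdr="
        ts = $1 " " $2 " " $3                        # syslog timestamp
        if (!(who in n)) first[who] = ts
        n[who]++
        last[who] = ts
    }
    END {
        for (w in n)
            printf "%d %s first=%s last=%s\n", n[w], w, first[w], last[w]
    }' | sort -rn
}

# Queue IDs of messages submitted by account $1, so the queued messages
# themselves can be inspected. Reads log lines on stdin.
queue_ids_for() {
    awk -v who="$1" '
    index($0, " ctladdr=" who " ") { id = $6; sub(/:$/, "", id); print id }
    ' | sort -u
}

# Usage: sh script.sh /var/log/maillog   (no readable file given: use sample)
if [ -r "${1:-}" ]; then
    ctladdr_summary < "$1"
else
    sample_log | ctladdr_summary
fi
```
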