Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How do we stop our Linux webserver from sending SPAM??

Posted on 2006-05-25
6
Medium Priority
?
268 Views
Last Modified: 2010-08-05
Hello, any help would be appreciated.

   We use a dedicated server to host our company websites.  One of the site started sending out spam from our server.
Now there is a mail account on the main server sending out spam.  We are using formMail clone cgi.  I know very little
about Linux systems (no SSH), I am trying to disable only the "account" sending the unauthorized mail without interrupting
email on the rest of the server.  We have no idea how this could have happened or how to fix it.  Any suggestions would
be greatly appreciated!

  Mail Queue is currently trying to send 90,000 messages, help!
0
Comment
Question by:nwrights
4 Comments
 
LVL 16

Accepted Solution

by:
xDamox earned 500 total points
ID: 16767814
Hi,

I would strongly recommend deleting the formMail cgi script as this is probably the problem, with no
SSH you will be unable to remove mail from the mail queue :(
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 500 total points
ID: 16772171
some versions of formMail are known to be vulnerable to be used as spam relay, best you disable these scripts and replace them by  http://nms-cgi.sf.net/
0
 
LVL 11

Assisted Solution

by:kblack05
kblack05 earned 500 total points
ID: 16808732
You mention two factors of interest here. One is "dedicated host" and two is "No SSH". Those two words shouldn't normally be in the same sentence =)

Recommend you compel the dedicated hosting provider to flush the queue, alter the formMail.cgi or turn it off, and grant you SSH access to the box.

Be advised there are other problems, though formMail has LONG been known to be an easy victim, you might wish to test that the system isn't also running an open relay here: http://www.abuse.net/relay.html

Regards,

~K Black
0
 
LVL 5

Assisted Solution

by:flashwebhost
flashwebhost earned 500 total points
ID: 16980062
Just disabling the account is not the solution.

First, make sure server is not setup as open relay.

Then find out which script send out emails, if you find a formmail, delete the file from the server. Install secure formmail, it will be better to have a formmail with visual confirmation as lot of bots send spam mails nowadays.

If you server have control panel like cpanel, you can set it to enable script run as user (other than user that apache is running), with this, you can easily track abuser.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question