• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

How do we stop our Linux webserver from sending SPAM??

Hello, any help would be appreciated.

   We use a dedicated server to host our company websites.  One of the site started sending out spam from our server.
Now there is a mail account on the main server sending out spam.  We are using formMail clone cgi.  I know very little
about Linux systems (no SSH), I am trying to disable only the "account" sending the unauthorized mail without interrupting
email on the rest of the server.  We have no idea how this could have happened or how to fix it.  Any suggestions would
be greatly appreciated!

  Mail Queue is currently trying to send 90,000 messages, help!
0
nwrights
Asked:
nwrights
4 Solutions
 
xDamoxCommented:
Hi,

I would strongly recommend deleting the formMail cgi script as this is probably the problem, with no
SSH you will be unable to remove mail from the mail queue :(
0
 
ahoffmannCommented:
some versions of formMail are known to be vulnerable to be used as spam relay, best you disable these scripts and replace them by  http://nms-cgi.sf.net/
0
 
kblack05Commented:
You mention two factors of interest here. One is "dedicated host" and two is "No SSH". Those two words shouldn't normally be in the same sentence =)

Recommend you compel the dedicated hosting provider to flush the queue, alter the formMail.cgi or turn it off, and grant you SSH access to the box.

Be advised there are other problems, though formMail has LONG been known to be an easy victim, you might wish to test that the system isn't also running an open relay here: http://www.abuse.net/relay.html

Regards,

~K Black
0
 
flashwebhostCommented:
Just disabling the account is not the solution.

First, make sure server is not setup as open relay.

Then find out which script send out emails, if you find a formmail, delete the file from the server. Install secure formmail, it will be better to have a formmail with visual confirmation as lot of bots send spam mails nowadays.

If you server have control panel like cpanel, you can set it to enable script run as user (other than user that apache is running), with this, you can easily track abuser.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now