HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


maxxer 17th December 2012 23:33

Mitigate spam from web
 
Hi.

We recently migrated several sites to ISPConfig, and these days I noticed huge spam activity originating from our server.
In the meantime, while I look for the site used for this activity, is there some action we can take to mitigate the abuse of web scripts used for mailings?

We're not using ISPConfig as a mail server, just for the sites' mailing.

thanks

maxxer 17th December 2012 23:54

Found out it's an outdated WordPress site.

Is it possible to monitor such events?
I.e., can amavis find common scripts, like WSO?

pititis 18th December 2012 03:10

Hello,

If you are the administrator you can do everything.

- Locate the script and check how and who is abusing it.
- Disable features for this site if your customer doesn't need them. (cgi, python, perl, ssi, ruby)
- Check for malware, php shell ... with clamav and rkhunter.
- Force smtp auth
- Disable mail() function

Please note that I don't know anything about your customer or your server.

Cheers!
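
For the "locate the script" step and the monitoring question above, one option is to tally PHP's own `mail()` log per calling script. This is an added example, not part of the original thread; it assumes `mail.log` is enabled in php.ini, and the sample lines and paths are constructed.

```python
import re
from collections import Counter

# PHP writes one line per mail() call when php.ini sets mail.log.
# The leading timestamp is missing on older PHP builds, so it is optional.
MAIL_LOG_RE = re.compile(
    r"^(?:\[(?P<ts>[^\]]+)\]\s+)?mail\(\) on \[(?P<script>.+):(?P<line>\d+)\]: "
    r"To: (?P<to>.*?) -- Headers: (?P<headers>.*)$"
)

# Constructed sample log (not taken from a real server).
UPLOAD = "/var/www/clients/client1/web3/web/wp-content/uploads/x.php"
SAMPLE_LOG = f"""\
[17-Dec-2012 21:30:02 UTC] mail() on [{UPLOAD}:14]: To: a@example.org -- Headers: From: promo@example.net
[17-Dec-2012 21:30:03 UTC] mail() on [{UPLOAD}:14]: To: b@example.org, c@example.org -- Headers: From: promo@example.net
[17-Dec-2012 21:30:03 UTC] mail() on [{UPLOAD}:14]: To: d@example.org -- Headers: From: promo@example.net
mail() on [{UPLOAD}:14]: To: a@example.org -- Headers: From: promo@example.net
[17-Dec-2012 21:31:40 UTC] mail() on [/var/www/clients/client1/web1/web/contact.php:52]: To: owner@example.com -- Headers: From: form@example.com
PHP Warning: unrelated line that must be skipped
"""

def parse_mail_log(text):
    """Yield (script, line_no, recipients) for every well-formed mail() entry."""
    for raw in text.splitlines():
        m = MAIL_LOG_RE.match(raw.strip())
        if m:
            yield m.group("script"), int(m.group("line")), m.group("to")

def top_senders(text, threshold=3):
    """Return [(script, mails, distinct_recipients)] for scripts that sent
    at least `threshold` mails, busiest first."""
    counts = Counter()
    recipients = {}
    for script, _line, to in parse_mail_log(text):
        counts[script] += 1
        recipients.setdefault(script, set()).update(
            addr.strip() for addr in to.split(",") if addr.strip()
        )
    return [(s, n, len(recipients[s]))
            for s, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for script, mails, rcpts in top_senders(SAMPLE_LOG):
        print(f"{mails:5d} mails  {rcpts:4d} recipients  {script}")
```

A script under an upload directory that sends to many distinct recipients is the first file to inspect; run the tally from cron against the real log path to get the "watcher" behaviour.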

maxxer 18th December 2012 08:21

Thanks pititis,
my question was generic, on purpose. As I added, I managed to stop this specific site and infection; what I wanted to know is whether, for example, it would be possible to run "clamav" on every uploaded file, so that a shell script or malicious file could be caught, or at least a warning triggered.

Some "watcher" with the current settings.

thanks!

Croydon 18th December 2012 12:25

You could try this one:
http://www.howtoforge.com/forums/showthread.php?t=58440

maxxer 18th December 2012 12:45

Very interesting, thank you very much!

