Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th November 2008, 15:15
binover binover is offline
Member
 
Join Date: Mar 2008
Posts: 58
Thanks: 3
Thanked 0 Times in 0 Posts
Send a message via MSN to binover
Default Under SPAM hack attack

Hi to all, this is a very serious problem... in the few past days one of my servers is delivering A LOT of spam to different mailbox, I'm know for sure it was hack some how, I'm preparing a new install but... how can I stop that attack? were can I look? I'm short of knowledge right know.

Thanks to all!
Reply With Quote
Sponsored Links
  #2  
Old 17th November 2008, 15:19
binover binover is offline
Member
 
Join Date: Mar 2008
Posts: 58
Thanks: 3
Thanked 0 Times in 0 Posts
Send a message via MSN to binover
Default

PD: Here is a extract of the Mailq:

593D01FC274 2629 Mon Nov 17 10:55:52 rev_fr_jean_white2@unitednations.org
(host mail-in.roc2.bluetie.com[208.89.132.202] said: 450 4.7.1 <deedee5@excite.com>: Recipient address rejected: Greylisting in action, please try again in 5 minutes. (in reply to RCPT TO command))
deedee5@excite.com
(host mx1.comcast.net[76.96.62.116] refused to talk to me: 554 IMTA09.westchester.pa.mail.comcast.net comcast 200.5.90.196 Comcast BL004 Blocked for spam. Please see http://help.comcast.net/content/faq/BL004)
deedee12858@comcast.net
deedee28@comcast.net
(host mx2.optonline.net[167.206.4.79] refused to talk to me: 452 try later)
deedee56@optonline.net
(host mailin-03.mx.aol.com[205.188.252.17] said: 421-: (DYN:T1) http://postmaster.info.aol.com/errors/421dynt1.html 421 SERVICE NOT AVAILABLE (in reply to end of DATA command))
deedee128748@aol.com
deedee1331@aol.com
deedee178215@aol.com
deedee2902@aol.com
deedee2987@aol.com
deedee3737@aol.com
deedee4585@aol.com
deedee573@aol.com
(host b.mx.mail.yahoo.com[66.196.97.250] refused to talk to me: 421 4.7.0 [TS02] Messages from 200.5.90.196 temporarily deferred due to user complaints - 4.16.56.1; see http://postmaster.yahoo.com/421-ts02.html)
deedee1137@yahoo.com
deedee1165@yahoo.com
deedee12167@yahoo.com
deedee12356@yahoo.com
deedee128691@yahoo.com
deedee15dr@yahoo.com
deedee16552002@yahoo.com
deedee18ro@yahoo.com
deedee200415@yahoo.com
deedee229@yahoo.com
deedee262004@yahoo.com
deedee3835@yahoo.com
deedee47882@yahoo.com
deedee50@yahoo.com
deedee5111@yahoo.com
deedee7332003@yahoo.com
(connect to mail.wbia.net [65.14.23.101]: read timeout)
deedee125@wbia.net
Reply With Quote
  #3  
Old 18th November 2008, 13:26
madmucho madmucho is offline
Senior Member
 
Join Date: Oct 2006
Location: Czech republic, Karlovy Vary
Posts: 158
Thanks: 81
Thanked 11 Times in 11 Posts
Send a message via ICQ to madmucho
Default

as i see you will need implement some spam defense, or your mailserver defense, try search fail2ban and set it to your distro. Will help
Reply With Quote
  #4  
Old 18th November 2008, 13:45
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,733
Thanks: 840
Thanked 5,596 Times in 4,407 Posts
 
Default

Most likely one of the websites you host is misused to send spam, e.g. trough a unsave contact form. You should check the mails in the queue with the postcat command to find out trogh which website they had been sent.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help! Why do I see message about Apache, CPanel & WHM. I don't run cpanel! websissy Installation/Configuration 3 18th November 2008 23:16
How to Protect my ISPConfig Server from the SPAM Attack vaio1 Installation/Configuration 5 24th October 2008 22:08
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 18:37
Tests before the major spam attack? vbrookie Server Operation 6 19th February 2007 20:45
Spam attack on one specific domain steowimmy Installation/Configuration 2 14th November 2006 22:12


All times are GMT +2. The time now is 16:44.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.