My server sends spam

9th December 2010, 07:38
toux

My server is sending spam emails.
I changed the password, I looked in the SSH file explorer and I can't see a mailing script, I deactivated the mail function in php.ini, but it is still sending emails.

And I have strange images in a directory.

Is there a solution, without formatting and reinstalling?

Thank you
9th December 2010, 11:02
till (Super Moderator)

First you should check the system with the rkhunter and chkrootkit programs.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
9th December 2010, 16:32
toux

Hello Till,

Thank you very much, I just installed Rkhunter and I see a good number of warnings here:

Performing file properties checks


Checking for rootkits...

Performing check of known rootkit files and directories

All green [not found]
Here is the summary:
System checks summary

File properties checks...
Required commands check failed
Files checked: 137
Suspect files: 34

Rootkit checks...
Rootkits checked : 245
Possible rootkits: 1
Rootkit names : Xzibit Rootkit

Applications checks...
Applications checked: 4
Suspect applications: 4

The system checks took: 1 minute and 11 seconds

I ran chkrootkit-0.49 and it does not show anything infected, all good.

How can I fix these errors, and prevent the spam and the strange image uploads?

Thank you


Last edited by toux; 9th December 2010 at 16:36.
9th December 2010, 19:19
edge

The best thing to do is take the server off-line, and do a reinstall!

If your server has been compromised to/by a hacker, the hacker could have added many ways to access your server.

So if you fix one problem, the other might still be there and being abused by the hacker(s)
Never execute code written on a Friday or a Monday.
10th December 2010, 21:02
Olgierd

Check which process is too active on your server and stop it, then check why. Spam can be sent by a CGI script, for example.

Download all log files to your desktop and analyze them. Check who last used shell and FTP, and what was changed. Check your upgrades.

Disable fopen in php.ini for suPHP, FastCGI, etc.

If the hacker has no root access, you have a chance to fix the server; otherwise it is better to reinstall everything.
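One check that fits the "strange images" reported in this thread and the advice to look at what was changed, as an added example (not code from any poster here): it walks a web root and flags image-named files whose first bytes are not an image signature or that contain a PHP opening tag. The function names, the signature table and the sample files are constructed for illustration, and the assumption is that uploaded files may be scripts named as images.

```python
from pathlib import Path
import tempfile

# Leading bytes (file signatures) of common web image formats.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def check_image(path):
    """Return the reasons an image-named file looks suspicious (empty if none)."""
    data = Path(path).read_bytes()
    reasons = []
    if not data.startswith(IMAGE_MAGIC[Path(path).suffix.lower()]):
        reasons.append("bad-magic")      # content is not the format the name claims
    if b"<?php" in data.lower():
        reasons.append("script-tag")     # PHP code inside, even behind a valid header
    return reasons

def scan_webroot(root):
    """Walk root; return {relative path: reasons} for suspicious image files."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in IMAGE_MAGIC:
            reasons = check_image(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Scan a constructed upload directory (sample files are made up)."""
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root, "uploads")
        uploads.mkdir()
        samples = {
            "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,        # genuine header
            "photo.jpg": b"<?php /* constructed placeholder */ ?>",  # script named .jpg
            "banner.gif": b"GIF89a" + b"\x00" * 16 + b"<?php ?>",   # code after header
        }
        for name, body in samples.items():
            (uploads / name).write_bytes(body)
        return scan_webroot(root)

if __name__ == "__main__":
    for rel, why in demo().items():
        print(rel, ",".join(why))
```

On a real server, point `scan_webroot` at the site's document root and treat every hit as a file to inspect by hand; a clean result does not rule out other changes.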

