  #11  
17th January 2012, 12:49
silenceti

Is there some possibility of someone sending mails using my server or my account details?

Thanks!
  #12  
17th January 2012, 13:02
silenceti

Hi again,

I've deleted all e-mail accounts from my server and mails are still going out... really strange??!!
  #13  
17th January 2012, 13:34
till

The problem is either in a website script or in your proxy configuration, as it can be possible to send emails through a wrongly configured proxy. It is unlikely that the problem is related to your mail accounts. You should check the access log of your website to see which URL requests are used to send the emails through your server and then fix the script or proxy configuration that allows the sending of emails.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #14  
17th January 2012, 13:37
silenceti

Hi,

Which is the access log? Is it the "secure" one?

thanks.
  #15  
17th January 2012, 13:39
till

If you use an ISPConfig 3 server, then the access.log of the website is in the log directory of that website.
  #16  
17th January 2012, 14:03
silenceti

Hi,

I've found something like this:

"GET /mysqladmin/scripts/setup.php HTTP/1.1" 200 11079 "http://myserver/mysqladmin/scripts/setup.php" "Opera"

Can this be the problem?

Thanks.
  #17  
17th January 2012, 14:06
till

Is your phpMyAdmin reachable under the URL /mysqladmin on your server? If yes, then the phpMyAdmin installation might be outdated or vulnerable to attacks. Try to close the phpMyAdmin URL, e.g. by adding a .htaccess password protection in the phpMyAdmin installation directory, and check if that stops the problem.
  #18  
17th January 2012, 14:12
silenceti

Till, thanks for your amazingly fast replies!!

"GET /wp-content/plugins/wp-phpmyadmin/wp-phpmyadmin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 0 "-" "ZmEu"

I've been attacked by someone called ZmEu, so now I need to change the database password; maybe the database was infected, right?

Thanks.!
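The access-log check suggested in the replies above, as an added example that is not code from the thread or from ISPConfig: it separates probe requests by whether the server answered them and counts accepted POSTs per script. It assumes the website's access.log is in Apache combined format; the addresses, timestamps and the /contact.php entries in the sample are constructed, and only the two setup.php request strings are taken from the posts.

```python
import re
from collections import Counter

# Apache "combined" format: ip - user [time] "METHOD path proto" status size "referer" "agent"
ENTRY = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# Assumption: probe markers are limited to what the log lines in this thread show.
PROBE_PATH = re.compile(r"/scripts/setup\.php$", re.I)
SCANNER_AGENTS = ("zmeu",)


def triage(lines):
    """Split probe requests by outcome and count accepted POSTs per script."""
    reached, missed, posts = [], [], Counter()
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue  # not a combined-format entry
        path = m["path"].split("?", 1)[0]
        status = int(m["status"])
        if m["method"] == "POST" and status < 400:
            posts[path] += 1  # scripts taking many POSTs are candidates for mail abuse
        if PROBE_PATH.search(path) or any(a in m["agent"].lower() for a in SCANNER_AGENTS):
            # below 400 the server served the path; 4xx/5xx means the probe found nothing
            (reached if status < 400 else missed).append((m["ip"], path, status))
    return {"reached": reached, "missed": missed, "posts": posts.most_common()}


# Constructed sample: addresses, timestamps and the contact.php lines are made up;
# the two setup.php request strings are the ones quoted in the thread.
SAMPLE = [
    '192.0.2.10 - - [17/Jan/2012:03:12:01 +0200] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 200 11079 "http://myserver/mysqladmin/scripts/setup.php" "Opera"',
    '192.0.2.77 - - [17/Jan/2012:03:40:19 +0200] "GET /wp-content/plugins/wp-phpmyadmin/wp-phpmyadmin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 0 "-" "ZmEu"',
    '198.51.100.5 - - [17/Jan/2012:04:00:00 +0200] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [17/Jan/2012:04:00:02 +0200] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Jan/2012:04:05:00 +0200] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for key in ("reached", "missed", "posts"):
        print(key, report[key])
```

An entry under `reached` shows only that the server answered at that path; correlating its timestamp with the mail log is what ties a script to the outgoing mail.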
  #19  
17th January 2012, 14:42
silenceti

Maybe it's better to remove the ISPConfig installation and reinstall again?

How can I remove ISPConfig (files and database)?

Thanks.
  #20  
17th January 2012, 16:34
Ben

If so, I would completely wipe the whole server and reinstall it, as you may not know which backdoors the attacker may have left, even though you closed the vulnerability he used to compromise the server initially.

All times are GMT +2.