#1
17th December 2012, 22:33
maxxer (Member)
Mitigate spam from web

Hi.

We recently migrated several sites to ISPConfig, and these days I noticed a huge amount of spam activity originating from our server.
In the meantime, while I look for the site used for this activity, is there some action we can take to mitigate the abuse of web scripts used for mailings?

We're not using ISPConfig as a mail server, just for the sites' mailing.

Thanks
#2
17th December 2012, 22:54
maxxer (Member)

Found out it's an outdated WordPress site.

Is it possible to monitor such events?
I.e. can amavis find common scripts, like WSO?
#3
18th December 2012, 02:10
pititis (Senior Member)

Hello,

If you are the administrator you can do everything.

- Locate the script and check how and who is abusing it.
- Disable features for this site if your customer doesn't need them (CGI, Python, Perl, SSI, Ruby).
- Check for malware, PHP shell ... with clamav and rkhunter.
- Force SMTP auth.
- Disable the mail() function.

Please note that I don't know anything about your customer or your server.

Cheers!
The Following User Says Thank You to pititis For This Useful Post:
maxxer (18th December 2012)
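
One way to do the "locate the script" step from the list above, as an added example that is not part of the original posts: it assumes PHP's `mail.add_x_header` setting is enabled, so every message sent through `mail()` carries an `X-PHP-Originating-Script: uid:filename` header, and it tallies that header over raw messages taken from the mail queue. The sample messages, uids and script names are constructed.

```python
from collections import Counter
from email import message_from_string

# Constructed sample messages (not from the thread): raw RFC 5322 text as it
# might be dumped from the local mail queue. Addresses and names are made up.
SAMPLE_MESSAGES = [
    "To: a@example.org\nSubject: hi\n"
    "X-PHP-Originating-Script: 5004:wp-cache.php\n\nbody\n",
    "To: b@example.org\nSubject: hi\n"
    "X-PHP-Originating-Script: 5004:wp-cache.php\n\nbody\n",
    "To: c@example.org\nSubject: order\n"
    "X-PHP-Originating-Script: 5007:class-phpmailer.php\n\nbody\n",
    # A header-looking line inside the body must not be counted.
    "To: d@example.org\nSubject: x\n\n"
    "X-PHP-Originating-Script: 0:spoof.php\n",
    # Not sent through PHP mail() at all.
    "To: e@example.org\nSubject: cron\n\nbody\n",
]

# Assumption: php.ini has mail.add_x_header = On, which adds this header.
HEADER = "X-PHP-Originating-Script"


def originating_script(raw_message):
    """Return (uid, script) from the header block, or None if absent/malformed."""
    value = message_from_string(raw_message).get(HEADER)
    if value is None:
        return None
    uid, sep, script = value.strip().partition(":")
    if not sep or not uid.isdigit() or not script:
        return None
    return int(uid), script


def tally_senders(raw_messages):
    """Count messages per (uid, script); untagged mail is counted under None."""
    return Counter(originating_script(m) for m in raw_messages)


def suspects(raw_messages, threshold):
    """Scripts that sent at least `threshold` messages, busiest first."""
    counts = tally_senders(raw_messages)
    return [(key, n) for key, n in counts.most_common()
            if key is not None and n >= threshold]


if __name__ == "__main__":
    for (uid, script), n in suspects(SAMPLE_MESSAGES, threshold=2):
        print(f"uid={uid} script={script} messages={n}")
```

The header carries only the script's file name, so the uid is what narrows a hit down to one site when each site runs PHP under its own system user.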
#4
18th December 2012, 07:21
maxxer (Member)

Thanks pititis,
my question was generic, on purpose. As I added, I managed to stop this specific site and infection; what I wanted to know is whether, for example, it would be possible to execute a "clamav" on every uploaded file, so that if it's a shell script or malicious file it could be caught, or at least a warning triggered.

Some "watcher" with the current settings.

Thanks!
#5
18th December 2012, 11:25
Croydon (ISPConfig Developer)

You could try this one:
http://www.howtoforge.com/forums/showthread.php?t=58440
__________________
Marius Cramer

pixcept KG
The Following User Says Thank You to Croydon For This Useful Post:
maxxer (18th December 2012)
#6
18th December 2012, 11:45
maxxer (Member)

Very interesting, thank you very much!

All times are GMT +2.