Mitigate spam from web

Discussion in 'Installation/Configuration' started by maxxer, Dec 17, 2012.

  1. maxxer

    maxxer Member


    We recently migrated several sites to ispconfig, and these days I noticed a huge spam activity generating from our server.
    in the meantime while I look for the site used for this activity, is there some action we can take to mitigate the abuse of web scripts used for mailings?

    we're not using ispconfig as mailserver, just for sites mailing

  2. maxxer

    maxxer Member

    found out it's an outdated wordpress site.

    is it possible to monitor such events?
    i.e. can amavis find common scripts, like WSO?
  3. pititis

    pititis Member


    If you are the administrator you can do everything.

    - Locate the script and check how and who is abusing it.
    - Disable features for this site if your customer doesn't need them. (cgi, python, perl, ssi, ruby)
    - Check for malware, php shell ... with clamav and rkhunter.
    - Force smtp auth
    - Disable mail() function

    Please note that I don't know nothing about your customer or your server.

  4. maxxer

    maxxer Member

    thanks pititis,
    my question was generic, on purpose. As I added I managed to stop this specific site and infection, what I wanted to know is if, for example, could be possible to execute a "clamav" on every uploaded file so that if it's a shell script or maliciuos file could be catched, or at least a warning triggered.

    Some "watcher" with the current settings.

  5. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

  6. maxxer

    maxxer Member

    very interesting, thank you very much!

Share This Page