Prevent outgoing spam from compromised websites

Discussion in 'Installation/Configuration' started by maxxer, Aug 28, 2013.

  1. maxxer

    maxxer Member

    On a populated ISPConfig 3 install we experienced a compromised Joomla website, from which malicious remote users managed to send out 50k spam mails.
    In short, our server was blacklisted and ALL mails stopped being delivered, including legitimate ones.
    We have now taken the compromised site offline and cleaned the Postfix queue, but we would like to understand whether there is some action we can take to prevent this from happening again.

    This is a default ISPConfig installation, we just provide web hosting, no mail hosting, but the mailserver is running.

  2. pvanthony

    pvanthony Member

  3. rwheindl

    rwheindl Member

    This is a side note for future visitors to this thread:
    If the compromised site is using the PHP mail() function to send spam, in ISPConfig you can temporarily block the website's ability to send email while you implement spam prevention and/or fix the breach. In ISPConfig, go to:
    Sites -> (the compromised site) -> Options (tab) -> Custom php.ini settings
    Type the following in the box:
    disable_functions = "mail"
    Click save.
    The site can no longer use the php mail() function to send spam (or any email for that matter). So note that you need to delete this option once you've removed/sealed the breach so the website can send email again.
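
Added example, not part of the original thread and not ISPConfig's own code: a small Python check that reads a site's effective php.ini text and reports whether mail() ends up disabled and which earlier disable_functions entries the one-line override drops. It assumes the custom settings are appended to a single php.ini file, where the last occurrence of a directive wins (under PHP-FPM pool settings, disable_functions values are appended instead); the sample ini and the names `parse_value` and `audit_mail_block` are constructed for illustration.

```python
import re

# Constructed sample of one site's effective php.ini: server-wide lines
# followed by the custom settings box (this merge order is an assumption).
SAMPLE_INI = '''\
memory_limit = 128M
disable_functions = exec,passthru,shell_exec
;disable_functions = "mail"
disable_functions = "mail" ; temporary block
'''

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$")


def parse_value(raw):
    """Split one disable_functions value into a set of function names."""
    raw = raw.strip()
    if raw.startswith('"'):
        raw = raw[1:].split('"', 1)[0]   # text inside the quotes
    else:
        raw = raw.split(";", 1)[0]       # drop a trailing ; comment
    return {name for name in re.split(r"[,\s]+", raw) if name}


def audit_mail_block(ini_text):
    """Report whether mail() ends up disabled and what an override dropped."""
    seen = []
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):
            continue                     # commented-out directive
        match = DIRECTIVE.match(line)
        if match:
            seen.append(parse_value(match.group(1)))
    final = seen[-1] if seen else set()  # last occurrence wins in one file
    earlier = set().union(*seen[:-1])    # everything disabled by earlier lines
    return {"mail_blocked": "mail" in final,
            "dropped": sorted(earlier - final)}


if __name__ == "__main__":
    print(audit_mail_block(SAMPLE_INI))
```

A non-empty `dropped` list means the single-function line replaced earlier restrictions, so the custom setting should repeat those names alongside `mail`.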

  4. Honza

    Honza Member HowtoForge Supporter

    rwheindl - thanks that's actually very helpful