  1. provell



    My server is sending phishing mails that relate to a website that I host that is hacked.
    I removed the contents of the /web directory of that website but the spamming still goes on.

    To see where it was coming from I used this website to check if it was PHP/form related:

    Although the script works fine, nothing shows up in the log file other than my own test results or the occasional user that uses a form.

    Because my mail.log shows that user [email protected] is sending the mail I tried to block his emails with the help of this site:

    This however did not help and the spamming still goes on.
    Deleting the user www-data is not an option of course as it is the Apache user.

    If anybody has any idea how to stop this spamming I would be very thankful.
  2. falko


    Are you sure that you deleted the contents of the right web site?

    Did you run chkrootkit and/or rkhunter? Maybe some kind of backdoor got installed on your server.
  3. provell



    No, I'm sure I removed the correct website.
    What I still saw in the logging were the messages that could not be delivered.
    About 700 of them were still resending themselves every 20 minutes or so.
    After I cleaned my whole mail queue the problem was resolved.

    More importantly, how is it possible to stop any user (including www-data) from sending such a large amount of emails?
    Is there an easy way to set the limit to 2000 or so?
    Some 70.000 mails were sent from my server in one day.
    If I could set a limit it would at least be less harmful.

    I found something on the postfix website but I'm no expert on that part.
    If you have any tips it would be much appreciated.
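
An added example, not part of the thread: the mail.log check described above, done as a script that counts locally injected messages per uid per day from Postfix `pickup` lines and attributes still-deferred queue entries to the uid that submitted them. The log lines, host names and function names are constructed for illustration, and the limit of 1 is a demo value standing in for a figure such as the 2000 mentioned above.

```python
import re
from collections import Counter

# Constructed sample in Postfix's mail.log format. pickup logs the uid that
# injected mail through the local sendmail binary (the path PHP's mail() takes).
# Assumption: uid 33 is www-data (Debian/Ubuntu default), uid 1000 a normal user.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 postfix/pickup[2101]: A1B2C3D4E5: uid=33 from=<www-data>
Mar  3 10:00:01 web1 postfix/qmgr[1044]: A1B2C3D4E5: from=<www-data@web1.example>, size=2411, nrcpt=1 (queue active)
Mar  3 10:00:02 web1 postfix/pickup[2101]: A1B2C3D4E6: uid=33 from=<www-data>
Mar  3 10:00:03 web1 postfix/smtp[2200]: A1B2C3D4E5: to=<a@dest.example>, relay=none, delay=1200, status=deferred (connection timed out)
Mar  3 10:05:09 web1 postfix/pickup[2101]: A1B2C3D4E7: uid=1000 from=<alice>
Mar  4 00:00:04 web1 postfix/pickup[2150]: B1B2C3D4E8: uid=33 from=<www-data>
"""

PICKUP = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ postfix/pickup\[\d+\]: "
    r"(?P<qid>\w+): uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>"
)
DEFERRED = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>\w+): to=<[^>]*>.*status=deferred")


def submissions_per_day(log_text):
    """Count locally injected messages per (day, uid)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PICKUP.match(line)
        if m:
            day = " ".join(m["day"].split())  # syslog pads single-digit days
            counts[(day, int(m["uid"]))] += 1
    return counts


def over_limit(counts, daily_limit):
    """Return the (day, uid) pairs that submitted more than daily_limit."""
    return sorted(key for key, n in counts.items() if n > daily_limit)


def deferred_by_uid(log_text):
    """Distinct deferred queue IDs, attributed to the uid that injected them."""
    lines = log_text.splitlines()
    owner = {m["qid"]: int(m["uid"]) for m in map(PICKUP.match, lines) if m}
    stuck = {m["qid"] for m in map(DEFERRED.search, lines) if m}
    return Counter(owner[qid] for qid in stuck if qid in owner)


if __name__ == "__main__":
    counts = submissions_per_day(SAMPLE_LOG)
    print("over limit:", over_limit(counts, daily_limit=1))
    print("deferred per uid:", dict(deferred_by_uid(SAMPLE_LOG)))
```

A non-zero deferred count for a uid after the site has been cleaned means old messages are still being retried from the queue rather than new ones being injected.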

