• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

how to stop spammers using php scripts

C

ctek

Guest
hi

we had yesterday a huge spammig attack. a spammer was using a unknown php script on the plesk server to send out > 50'000 emails.

does anybody has some workaround to prevent abuses of php scripts for sending emails out? helpfull would be some kind of limits per domain for sendmail (not more then 200 mails allowed / day and domain).
any suggestions?

thankx
mike
 
We used to use a script called "MailMon" not to be confused with the mailing list manager also called mailman.

Which used to be available from: http://www.webhosting-tools.com/view.cgi/MailMon/ not sure if it is still there or not?

I t used to replace the qmail "sendmail" binary file, and run a count on email sent out from the server, you could set a threshold and a time limit. If a spammer was detected it would not send any email but rather send the email to a Mysql database and inform the admin. I was really happy with the script but sadly it stopped working a long time ago due to structure changes in PLESK, I think it was about PLESK 6 which broke the script.

Come to think about it, i should look throug m y acrchives now and try to re-write it for use on todays PLESK. It would be a great addidtion since most other panels have something functionality like that already.

In the mean time, we have just been logging all email sent from our server using the following:

------------------------------------------------------------------
mv /usr/sbin/sendmail /usr/sbin/sendmail.act
(==>NOTE: Watch out .. if you, by mistake, repeat this install you will overwrite your real sendmail file ... better you make yet another copy with "cp" under another name.)
vi /usr/sbin/sendmail (paste the below code into it)
chmod +x /usr/sbin/sendmail
echo > /var/log/formmail.log
chmod 777 /var/log/formmail.log

-------------------------------------------------------------------

#!/usr/bin/perl

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
}
else {

print INFO "$date - $PWD - @info\n";

}
my $mailprog = '/var/qmail/bin/sendmail';
foreach (@ARGV) {
$arg="$arg" . " $_";
}

open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!\n";
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);

---------------------------------------------------------------------
 
You must log in or register to reply here.

Similar threads

J
Question clobbered PHP-CLI after apt upgrade
Replies
9
Views
2K
James Heinrich
J
V
Issue Smarthost + SRS = relay?
Replies
2
Views
10K
vanlier
V
M
Issue Can't open Port 25. Please help
Replies
2
Views
4K
mhogue
M
Cordal
Resolved stop sending spam
Replies
12
Views
3K
Change Maker
C
AdrianC
Question php82-fpm stops responding, how to tune, debug, check variables
Replies
4
Views
3K
AdrianC
AdrianC
Back
Top