how to stop spammers using php scripts

[ctek]

hi

we had yesterday a huge spammig attack. a spammer was using a unknown php script on the plesk server to send out > 50'000 emails.

does anybody has some workaround to prevent abuses of php scripts for sending emails out? helpfull would be some kind of limits per domain for sendmail (not more then 200 mails allowed / day and domain).
any suggestions?

thankx
mike

 

[atomicturtle]

You mind sending me the script? I can add it to my application scanner I've been working on here: http://www.atomicrocketturtle.com/app-inventory.png

This isnt a complete fix, but you could use qmail-scanner on the box. That would scan both incoming and outgoing mail for spam.

 

[Traged1]

We used to use a script called "MailMon" not to be confused with the mailing list manager also called mailman.

Which used to be available from: http://www.webhosting-tools.com/view.cgi/MailMon/ not sure if it is still there or not?

I t used to replace the qmail "sendmail" binary file, and run a count on email sent out from the server, you could set a threshold and a time limit. If a spammer was detected it would not send any email but rather send the email to a Mysql database and inform the admin. I was really happy with the script but sadly it stopped working a long time ago due to structure changes in PLESK, I think it was about PLESK 6 which broke the script.

Come to think about it, i should look throug m y acrchives now and try to re-write it for use on todays PLESK. It would be a great addidtion since most other panels have something functionality like that already.

In the mean time, we have just been logging all email sent from our server using the following:

------------------------------------------------------------------
mv /usr/sbin/sendmail /usr/sbin/sendmail.act
(==>NOTE: Watch out .. if you, by mistake, repeat this install you will overwrite your real sendmail file ... better you make yet another copy with "cp" under another name.)
vi /usr/sbin/sendmail (paste the below code into it)
chmod +x /usr/sbin/sendmail
echo > /var/log/formmail.log
chmod 777 /var/log/formmail.log

-------------------------------------------------------------------

#!/usr/bin/perl

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
}
else {

print INFO "$date - $PWD - @info\n";

}
my $mailprog = '/var/qmail/bin/sendmail';
foreach (@ARGV) {
$arg="$arg" . " $_";
}

open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!\n";
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);

---------------------------------------------------------------------