voodoochile
Guest
So, I've opened a ticket several times with SW-Soft support about this and it never gets answered, so let's see what you guys have.
Currently, Plesk only allows for suexec of CGI (Perl) scripts. Consequently, when you have a ton of domains on a server and ONE has an insecure formmail.php (or similar) there is NO way to track down which site/form is being abused. You get to see tons of emails from [email protected] going to yahoo/hotmail/etc etc.
This means that any spammer at any time can hammer spam from your server without you being able to track it down and stop it short of just shutting off Apache. I consider this a BIG problem as I've spent probably more hours this week tracking down spam than I have been developing new plans or anything else.
Anyways, I'd suggest taking a look at your boxes for a dumb amount of mail coming from '[email protected]'. If you see that, then well, you're being abused and can join the crowd.
Things I've done to track this so far:
Strace apache pid/children, read through strace dumps for a busy webserver. =(
Set up a script to copy the contents of apachectl fullstats > /tmp/blah so I *might* be lucky enough to find the rogue post. Of course this logs damned near every hit to my server. Not fun.
chmodded sendmail and grepped for Perm denied errors in just about every error_log under /usr/local/psa/home/vhosts/$hostname/statistics/logs
I'm about to put a hold on reselling Plesk domains unless this can get fixed. I've got better things to do with my time than trying to get removed from spam blackholes because of the software that I run. =\
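Added example, not part of the original post: the last approach listed above (chmod sendmail, then search each vhost's error_log for the resulting permission errors) written as a shell function that ranks vhosts by the number of blocked sendmail calls. The directory layout is the one named in the post; the error line text, the example.com vhost names and the assumption that the failure lands in the vhost's own error_log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): rank vhosts by how often their
# error_log records a blocked sendmail call after sendmail has been chmodded.
# Assumed layout, from the post: <root>/<vhost>/statistics/logs/error_log

rank_sendmail_denials() {
    root=${1:-/usr/local/psa/home/vhosts}
    for log in "$root"/*/statistics/logs/error_log; do
        [ -f "$log" ] || continue      # glob matched nothing or log is missing
        vhost=${log#"$root"/}          # strip the root prefix ...
        vhost=${vhost%%/*}             # ... and everything after the vhost name
        # awk always exits 0, so a zero count is safe under `set -e`.
        n=$(awk '{ l = tolower($0) }
                 l ~ /sendmail/ && l ~ /permission denied/ { c++ }
                 END { print c + 0 }' "$log")
        if [ "$n" -gt 0 ]; then printf '%s %s\n' "$n" "$vhost"; fi
    done | sort -rn
}

# Build a throwaway tree with constructed log lines so the function can be
# tried offline. The exact error text is an assumption about what the shell
# prints when PHP's mail() cannot execute sendmail.
make_sample_tree() {
    t=$(mktemp -d)
    for v in shop.example.com blog.example.com quiet.example.com; do
        mkdir -p "$t/$v/statistics/logs"
        : > "$t/$v/statistics/logs/error_log"
    done
    cat >> "$t/shop.example.com/statistics/logs/error_log" <<'EOF'
sh: /usr/sbin/sendmail: Permission denied
sh: /usr/sbin/sendmail: Permission denied
[error] File does not exist: /usr/local/psa/home/vhosts/shop.example.com/httpdocs/favicon.ico
sh: /usr/sbin/sendmail: Permission denied
EOF
    cat >> "$t/blog.example.com/statistics/logs/error_log" <<'EOF'
sh: /usr/sbin/sendmail: Permission denied
[error] (13)Permission denied: access to /private denied
EOF
    echo "[error] File does not exist: /robots.txt" \
        >> "$t/quiet.example.com/statistics/logs/error_log"
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
rank_sendmail_denials "$sample"    # busiest offender first
rm -rf "$sample"
```

Called with no argument, `rank_sendmail_denials` reads the vhosts root named in the post; the vhost at the top of the output is the first place to look for the abused form.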