Spam virgin and rootkit hell

Discussion in 'Plesk for Windows - 8.x and Older' started by jasonblanc, Jun 27, 2006.

  1. jasonblanc

    jasonblanc Guest


    I'm a definite newb so excuse my apparent stupidity where it shows.

    I jumped in at the deep end with web design and hosting etc. and got a Windows-based VPS. I'm learning as I go (I hope) :)

    The latest problem to come up:

    One of the hosted sites on the server is being used somehow to send spam. I get lots of 'Message Delivery Failure' emails to my ISP email address that have the hosted site's @domainName.com bit tacked on to the recipient or sender email address. It also lists the VPS IP address.

    These spam emails are being sent to all the A's then the B's and so on, mostly to @aol.com addresses.

    I've done some forum searches etc and I think it could be a rootkit problem.

    I'm using Plesk 7.5.6 and I have SpamAssassin enabled.

    But since getting the VPS I haven't done anything to the security settings or added any other protection/layers.

    So can anyone suggest what I can do to clear this from the server and get me the little sh*t's home address who writes these nasty scripts. :mad: ???

    Also I think there should be a good housekeeping guide to running a VPS/Server. The Plesk manual is all well and good (a little thin on content) but a checklist of essential first steps would be really great. Stuff like setting up satisfactory security, patching everything that needs it and many more things that will no doubt cause me grief in the near future. It could be called "DAFT IF YOU DON'T.."

    Thanks for any advice
  2. Toepes

    Toepes Guest

    I have had the same problem and it was caused by an application called VWAR (www.vwar.de) that was poorly programmed.

    Also a big source can be PHP-Nuke sites, phpBB and more.

    You have to investigate what is installed on that site!
    Stay alert, as your complete server could end up on a blacklist!

    Information on problem scripts and more can also be found on the website of Secunia: http://secunia.com