
Under major spam attack

Discussion in 'Plesk for Linux - 8.x and Older' started by kcjames, Sep 24, 2010.

  1. kcjames

    kcjames Guest

    Having problems with a spam attack. I cannot find the script being exploited. Tried the suggestions to insert X-Additional-Header into messages to track it, and as you can see, all I get is /tmp.

    Please help!


    X-Additional-Header: /tmp
    content-type: text/html
    Subject: Esqueceu de mim ne?
    <communications_msn_cs_ptbr@Microsoft.windowslive.com>
    To: dani.zug@hotmail.com

    <HTML>
    <HEAD>
    <META NAME="GENERATOR" Content="Microsoft DHTML Editing Control">
    <TITLE></TITLE>
    </HEAD>
    <BODY>
    <P align=center><STRONG><EM>Se os
    anexos, as imagens e os links desta mensagem forem bloqueados click em </EM>

    <A href="http://www.cnscut.cn/about/images/Visualize.exe" target=_blank><EM>M
     
  2. kcjames

    kcjames Guest

    I really need help with this ASAP... I'm pulling my hair out.

    This shell script is only returning /tmp... nothing is in /tmp that is PHP or otherwise capable of sending email.

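    #!/bin/sh
    # Prepend the caller's working directory as a header, log the message, then pass it to the real sendmail
    (echo "X-Additional-Header: $PWD"; cat) | tee -a /var/tmp/mail.send | /var/qmail/bin/sendmail-qmail "$@"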


    What can I add to this to get the IP address of the sender, or any real identifying information?
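
One way to record more than `$PWD` in a wrapper like the one above, as an added example that is not part of any post in this thread: it logs the UID, the parent process (exe, cwd, command line) and any CGI variables the web server exported. It assumes a Linux `/proc`, that the wrapper is installed under a name containing `sendmail`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): log who invoked the sendmail wrapper.
REAL_SENDMAIL=/var/qmail/bin/sendmail-qmail   # path used in the thread's wrapper
LOG=/var/tmp/mail.send                        # log file used in the thread's wrapper

# Drop CR/LF and cap length so attacker-influenced values cannot forge log lines.
clean() { printf '%s' "$1" | tr -d '\r\n' | cut -c1-200; }

# Resolve /proc/PID/cwd or /proc/PID/exe; "-" when /proc is unavailable or unreadable.
proc_link() { readlink "/proc/$1/$2" 2>/dev/null || echo "-"; }

# Print one "key=value" line per fact about the calling process (default: our parent).
caller_context() {
    pid=${1:-$PPID}
    echo "time=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    echo "uid=$(id -u) pwd=$(clean "$PWD")"
    echo "parent_pid=$pid"
    echo "parent_exe=$(clean "$(proc_link "$pid" exe)")"
    echo "parent_cwd=$(clean "$(proc_link "$pid" cwd)")"
    if [ -r "/proc/$pid/cmdline" ]; then
        echo "parent_cmd=$(clean "$(tr '\0' ' ' < "/proc/$pid/cmdline")")"
    fi
    # CGI variables are present only if the web server exported them to this process.
    for v in REMOTE_ADDR SCRIPT_FILENAME REQUEST_URI HTTP_HOST; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then echo "$v=$(clean "$val")"; fi
    done
}

main() {
    { echo "--- wrapper call ---"; caller_context; } >> "$LOG"
    # As in the thread's wrapper: copy the message to the log, then hand it on.
    tee -a "$LOG" | "$REAL_SENDMAIL" "$@"
}

# Run only when installed under a sendmail name (assumption), not when sourced for tests.
case "${0##*/}" in *sendmail*) main "$@" ;; esac
```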
     
  3. atomicturtle

    atomicturtle Golden Pleskian

    Assuming it's coming from a PHP script, the PHP update from the atomic repo (5.2.14 or 5.3.3) allows you to log exactly which scripts are invoking the mail() function.
     
  4. kcjames

    kcjames Guest

    I would love to use it, but since it's running on FC3, the atomic repo gives an error that FC3 is no longer supported. The server is running 4.x.
     
  5. atomicturtle

    atomicturtle Golden Pleskian

    Yeah, unfortunately everyone dropped support for FC3 years and years ago. Ubiquitous: "You should upgrade to CentOS 5" goes here :p
     
  6. kcjames

    kcjames Guest

    Or better yet, Plesk should include some basic security so you can easily track when a script is hijacked. Any idea why the knowledge base directions only display /tmp?
     