• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Under major spam attack

K

kcjames

Guest
Having problems with a spam attack. I can not find the script being exploited. Tried the suggestions to insert x_additional-header into messages to track and as you can see all I get /tmp.

Please help!


X-Additional-Header: /tmp
content-type: text/html
Subject: Esqueceu de mim ne?
<[email protected]>
To: [email protected]

<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft DHTML Editing Control">
<TITLE></TITLE>
</HEAD>
<BODY>
<P align=center><STRONG><EM>Se os
anexos, as imagens e os links desta mensagem forem bloqueados click em </EM>

<A href="http://www.cnscut.cn/about/images/Visualize.exe" target=_blank><EM>M
 
I really need help with this ASAP... I'm pulling my hair out.

This shell script is only returning /tmp... nothing is in /tmp that is php or otherwise capable of sending email.

#!/bin/sh
(echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail "$@"


What can I add to this to get the IP address of the sender, or any real identifying information?
 
Assuming its coming from a PHP script, the php update from the atomic repo (5.2.14 or 5.3.3) allows you to log exactly which scripts are invoking the mail() function.
 
I would love to use it, but since it's running on FC3, the atomic repo gives an error that FC3 is no longer supported. The server is running 4.x
 
Yeah unfortunately everyone dropped support for fc3 years and years ago. Ubiquitous: You should upgrade to centos 5 goes here :p
 
Or better yet, plesk should include some basic security so you can easily track when a script is hijacked. Any idea why the knowledge base directions only display /tmp?
 
You must log in or register to reply here.

Similar threads

A
Issue Pre Upgrade Checker blocked with error
Replies
0
Views
6K
andry83
A
N
Domains work after migration but HTTP Request and Response Heade pulling default page
2
Replies
23
Views
9K
Konstantin_Sigul
K
Azurel
Bug? Web Server Settings create new folder cgi-bin...
Replies
13
Views
6K
Pagemakers
Pagemakers
L
Receiving a lot of MAILER-DAEMON to my inbox..
Replies
1
Views
5K
IgorG
IgorG
K
Under major spam attack
Replies
0
Views
1K
kcjames
K
Back
Top