Results 1 to 10 of 12
-
30th Sep 2010, 05:27 PM#1
OPMember
Server Help!
Is there is any way in a linux server with whm to stop sending mails to a particular email id (from server's php script) or redirect it other email id.
Please help!ashutariyal Reviewed by ashutariyal on . Server Help! Is there is any way in a linux server with whm to stop sending mails to a particular email id (from server's php script) or redirect it other email id. Please help! Rating: 5403 Forbidden Error
-
30th Sep 2010, 05:32 PM#2
MemberWebsite's:
th3fallen.comYou mean like server notification emails or just marketing emails?
-
30th Sep 2010, 05:33 PM#3
Member
Hello,
Please illustrate more. What exacrtly is it doing. Is there a script on the server sending out very many emails to one person or many? There must be a cronjob also setup or something.
Also what kind of emails are those being sent out?
-
30th Sep 2010, 05:44 PM#4
OPMember
Thanks for your reply,
this is one kind of hacking and i have checked every script and found that it is "X-Mailer: DLE PHP" so i have replaced all files with new one but the script (which i still not found) still sending mails to a gmail email id in this formate
in every email only one account detail.Code:Acount: [ Editor | username | passowrd | email id | ip ] - Admin mail: Hack Shell: http:// link of the script (which i already removed)
(which is killing my exim and server going overload)
Regards,403 Forbidden Error
-
30th Sep 2010, 05:48 PM#5
Member
Config Mail Manage
install this WHM plugin and you can limit each domains mails per hour and set config options per domain.
PHP Code:cd /
wget http://www.configserver.com/free/cmm.tgz
tar -xzf cmm.tgz
cd cmm/
sh install.sh
but you should secure/update your script to solve the problem
-
30th Sep 2010, 05:53 PM#6
MemberWebsite's:
th3fallen.comCouldn't have said it better myself.
-
30th Sep 2010, 05:53 PM#7
OPMember
or is there is any way to find out this script on server / account
hacker's gmail id is : noreply.hak@gmail.com403 Forbidden Error
-
30th Sep 2010, 05:57 PM#8
Member
Also check the cronjob must be active
Check this :
go to /etc/crontab
then do a ls
and see any cronjobs and delete them.
Thanks & Regards
-
30th Sep 2010, 05:59 PM#9
Member
search starting /
it will take a long time to search through all files on the server.
http://www.siteground.com/tutorials/..._searching.htm
-
30th Sep 2010, 06:00 PM#10
MemberWebsite's:
th3fallen.comYou can try doing a grep -RPn for some of the following they are very common vars of exploits
- passthru
- shell_exec
- system
- phpinfo
- base64_decode
- edoced_46esab (base64_decode used backwards to avoid detection by string searches like this)
- chmod
- mkdir
- `` (backticks with an operating system command between them)
- fopen
- fclose
- readfile
Granted this may give alot of false positives but is better than nothing.
Register To ReplySponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
share OVH server with i7, 24gb ram, 2tb hard drive / windows server / 1 gigabit link
By tonhaum in forum Hosting DiscussionReplies: 6Last Post: 11th Dec 2011, 08:40 AM -
Justwebsupport - Server Admin / Server monitor/ Technical support 7 days Free Trial
By justwebsupport in forum Server ManagementReplies: 0Last Post: 26th Jun 2011, 01:07 PM -
[Hiring] Premium Server Managment Solutions | We Handle Your VPS/Dedicate Server For Best Perf
By devilmaycry in forum Completed TransactionsReplies: 9Last Post: 12th Nov 2010, 10:12 AM -
[Shared] Now Moster Server 8core 16GB DDR2 RAM Ultra fast server with litespeed webserver
By kiss of death in forum ArchiveReplies: 7Last Post: 19th Sep 2009, 02:44 AM -
[Dedicated] Semi-dedicated server space on my personal server - Mature clients only
By Zing in forum ArchiveReplies: 3Last Post: 5th Mar 2009, 03:58 PM
Staff Online
themaCreator - create posts from...
Version 3.48 released. Open older version (or...