Forum Moderators: phranque
We are on a shared apache server. Thousands of emails are being sent out from one of our email address with the address ourdomain@ourdomain dot com .
Our hosting company has warned us two time to sort this problem out. this time they did not even want to reopen our account, but after some negotiations they put it live but asked us to sort this problem.
I had a look at our account area on the myserverworld and retrieved the ourdomain@ourdomain email inbox. In the inbox there are some delivery failure email added every few minutes. I cannot delete this mailbox.
how can I stop this to happen
Is there any tool that i can use and find the script which creates this emails?
Any advice will be appreciated
thanks
What mailserver software are you running?
Is it under your control?
If not you can blame the hosting provider for allowing an open relay! Just because your domain keeps getting spammed, it is ultimately the person who controls the email server that has the answer to this.
Tell them to install postfix and make sure its not an open relay :)
did your host say you were sending them or is it just a complaint because people are getting spammed with your address in the headers?
I have had that multiple times, if the emails did not originate from your mail server then there isn't much you can do.
If they did originate from your mail server and were sent by one of your scripts then I would shut down any scripts that send email to start
I have no access to our mail server logs to check. I have asked the host company/their reseller to send me some info about our mail server logs.
Last time I did an FTP back up of our site to our local server. And on that evening we got warned for this spamming.
Yesterday before I wanted to install an ad-on to our e-commerce software I started to take an ftp back up of all file system. after almost an hour our site was blocked by hosting company.
I guess they might have some sort of bandwidth checking? is this true?
Also we dont have any control to our mail server.
>> you are also receiving thousands of delivery failures these can be seen in the mailbox for your main account
hopefully they are referring to this as a seperate issue, anyone can use any email address as a reply to for a spam run
thanks
we will never know wither those emails actually generated from our server
If the hosting company complained, its a safe bet they were looking at your account and saw unusual activity, so I would guess it's a 99% probability.
We have changed those emailer scripts.
While you have experienced temporary relief, if your change involved simply changing the name of the form or using a different script, they will be back. What exactly did you do to change the scripts?
There are two things to get you started: alter any scripts - PHP, perl asp, anything that accepts form input - so that they log all data input from the form. If it comes from a form, open a text file, dump the time, IP address, and raw data in it, and review it regularly. This will give you a better picture of the "how."
Second is implement a way of cleansing your data input to the forms. This topic is a bit tall for this thread but in the words of Selena Sol, "Any form input is a potential hack." Treat it as such and begin looking into accepting only what should be input from that form. Most frequently hit are forms that provide an "auto reply" to the person filling out the form. Plug that hole and they lose motivation.
Here's a discussion [webmasterworld.com] you might want to review to get at some ways of seriously stopping email form abuse.
Yes, you are right, they are back, We have changed one script/php file name and added extra server side validation e.g strip all /r/n from email.
On our email function we added this
$from = preg_replace('![\x00-\x1f].*$!sm', '', $from);
We have some other forms that only collects info about products but not any email, will that be a risk?
