Jump to content


  • Posts

  • Joined

  • Last visited

rwh's Achievements


Newbie (1/6)



  1. Found The spammer was using cgi scripts injecting the mails into them. Domain name productsrus.biz Ip
  2. The ip that I was talking about was the 247 ip, because we had it on the server but the ip was not assigned to anyone, it was unused.
  3. Damn guys give me a fricking break I came here asking for help that is all. I did not come here to get blasted.
  4. This was the problem we have found it, and the entire system was not compromised! http://forums.realwebhost.net/showthread.php?t=92907 We have also enabled this SMTP TweakThis SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.
  5. Hello, Yes, thats correct all the IPs are routed to the same Linux box, however MTA is configured to send out mail from just one IP address. We have only the necessary ports open, none of the unwanted ports are opened. Why would all the IPs would be blacklisted on the server, usually the IP that would be resonsible for sending spam mails would be blacklised, is that correct? We run on a shared hosting environment and use Cpanel based sever. The MTA is exim and exim is configured to send mails only from the main IP. The additional IPs will not be inolved in spamming by any chance. My suspicion is that Phpnuke's webmail module might be causing problem. Any feedback is appreciated. Regards
  6. Below are some ips from one of our servers that started showing on your list today/tonight. Problem is that some of these ips are not even assigned? Looks like the same email address is being used in the header of the spam emails and showhow he is stealing the ips and using them. How can I stop this? Any help would be appreciated.
  7. Hi Folks I am new here. Need some help if possible. One of our server ips has been blocked by spamcop. The block was justified. The ip in question is We have 2 spammers on this server with the domain names secure-payments.net "terminated 10/1/2004" and tofutureweb.com "terminated 9/27/2004" We terminated these 2 accounts has soon as we were notified of the spamming activites. How do we now get off the list? We have never had this happen before so we are a little green about what we need to do to clear our ip with you. Any help would really be appreciated. Joey Moses
  • Create New...