
[Resolved] I think there are hackers using my IP!!!


ronaldop


Posted

Hi,

My server is using qmail-toaster, latest version, and my server is getting blocked all the time. My mail server is small and, consulting the log files, I don't have any spam leaving my server. My IP is 200.181.62.242 and my DNS is BIND using SPF and DKIM. My domain is irmaospontual.com.br and my host is servidor.irmaospontual.com.br. What is happening? Why am I blocked all the time? I ran all the tests (DNS stuff, open relay, SPF, DKIM) and my qmail server passed them all. I'm desperate, please help me.

Posted
200.181.62.242 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Most often spamtrap hits without user reports are caused by misdirected bounces. What happens if someone sends an email to your server that is addressed to a non-existent address at your domain? Is it rejected with a 500 series error message, or is it bounced to the envelope sender? If you are bouncing, then those bounces go to the forged from address on spam, and are considered spam themselves. If you tell me what domain your server should accept mail for, I can test and see exactly what it is doing.

I can see that for a random domain, it does reject with a 553 error which is good, but the behavior for bad addresses on the domain it is configured for may be different.

Posted

Thanks telarin, my server accepts mail for the domain irmaospontual.com.br. Merlyn, I think that's the real problem; how do I fix this trojan problem on a Linux Fedora Core 2 server?

Posted

I'm using PHP-Nuke 7.8, which has a mail() function. Is there a way for spammers to use PHP's mail() function to send mail without it being logged in the qmail server's log?
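Added example, not part of the original posts: qmail-send records the Unix uid that queued each message in its `info msg` lines, so mail injected by a local program (such as a web script using the sendmail wrapper) can be separated from mail accepted over SMTP. The log lines and uid values below (48 for the web server, 7791 for the SMTP daemon, 7792 for qmail-send bounces) are constructed assumptions; look up the real uids in /etc/passwd.

```python
import re
from collections import defaultdict

# qmail-send writes one "info msg" line per queued message, including the
# Unix uid of the process that handed the message to qmail-queue.
INFO_RE = re.compile(
    r"info msg (?P<msg>\d+): bytes (?P<bytes>\d+) "
    r"from <(?P<sender>[^>]*)> qp (?P<qp>\d+) uid (?P<uid>\d+)"
)

def injections_by_uid(log_lines):
    """Group queued messages by injecting uid -> list of (msg id, sender)."""
    by_uid = defaultdict(list)
    for line in log_lines:
        m = INFO_RE.search(line)
        if m:
            by_uid[int(m.group("uid"))].append(
                (int(m.group("msg")), m.group("sender")))
    return dict(by_uid)

def suspicious_web_uids(log_lines, web_uids, threshold=3):
    """Return {uid: count} for web-server uids that queued >= threshold messages.

    A web-server uid in this field means the message did not arrive over SMTP:
    it was queued by a local process running as that user.
    """
    grouped = injections_by_uid(log_lines)
    return {uid: len(msgs) for uid, msgs in grouped.items()
            if uid in web_uids and len(msgs) >= threshold}

# Constructed sample in qmail-send log format (TAI64N timestamps, made-up ids).
SAMPLE_LOG = """\
@4000000045a1b2c30a1b2c3d new msg 1201
@4000000045a1b2c30a1b2d10 info msg 1201: bytes 2311 from <user@example.com> qp 4410 uid 7791
@4000000045a1b2c41c000001 info msg 1202: bytes 901 from <apache@host.example.com> qp 4415 uid 48
@4000000045a1b2c41c000002 info msg 1203: bytes 903 from <apache@host.example.com> qp 4417 uid 48
@4000000045a1b2c41c000003 info msg 1204: bytes 899 from <apache@host.example.com> qp 4419 uid 48
@4000000045a1b2c52d000004 info msg 1205: bytes 1500 from <> qp 4423 uid 7792
@4000000045a1b2c52d000005 starting delivery 77: msg 1202 to remote a@example.net
""".splitlines()

if __name__ == "__main__":
    for uid, n in suspicious_web_uids(SAMPLE_LOG, web_uids={48}).items():
        print(f"uid {uid} queued {n} messages locally; review web scripts")
```

Run it against the qmail-send log (not the smtpd log), passing the uid your web server actually runs as.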

Posted

PHP-Nuke has a long history of getting hacked. I have no idea what version is 'current' or the status of "today's" version ....

http://secunia.com/advisories/23128/ details an exploit in version 7.9, posted 2006-11-28 .. so things don't seem to have changed much, although the update/upgrades keep coming ....

Posted
Thanks telarin, my server accepts mail for the domain irmaospontual.com.br. Merlyn, I think that's the real problem; how do I fix this trojan problem on a Linux Fedora Core 2 server?

I agree, your mailserver rejects emails to bad addresses with a 500 error message just as it should, so misdirected bounces would not appear to be the problem. I would go the trojan or PHP Nuke vulnerability route for further troubleshooting.

Posted

Thanks for all the help, you are showing me the right way. I attacked the security problem of PHP-Nuke using a security module for the Apache web server; its name is ModSecurity and I found it at http://www.modsecurity.org. This module filters bad requests to PHP and other HTTP requests. I made a few tests and the results are apparently good. I will continue testing...

  • 5 weeks later...
Posted

Been a month with no follow-up .. so making the assumption that all is well with this system and tagging this one as Resolved.

Archived

This topic is now archived and is closed to further replies.
