All Questions
41 questions
0 votes, 1 answer, 80 views
postfix bounce_queue_lifetime and maximal_queue_lifetime
I have done a lot of research but still cannot clearly understand what the difference is between postfix bounce_queue_lifetime and maximal_queue_lifetime in main.cf. Although I've read a lot of ...
25 votes, 5 answers, 8k views
Does DKIM alone not solve the spam issue? Why do I need SPF?
FINAL EDIT : I was completely wrong about DKIM it seems, the signing domain does not have to be the same as the sender domain, thus the whole premise for my question is flawed. A lot of thanks to Paul ...
-1 votes, 1 answer, 62 views
How is it possible for spammers to keep pestering me with FAKE domains when all e-mail sending providers have these insane obstacles to go through?
I keep getting e-mails to my Gmail account from made-up domains such as:
@mtixusu9shbyusyr6.org.uk
@mpqyriexqpvramtkn.org.uk
And so on... (Yes, I checked some of them and they are not actually ...
1 vote, 0 answers, 2k views
Linux history filled with priv_escl_start and _end after security changes
We are going through a process to make our linux servers more secure following a scan. I notice that on some of the machines, we now have lines like:
LANG=C; printf "priv_escl_start_%s" "[random 8 ...
0 votes, 0 answers, 40 views
What email headers are useful for determining if my email account has been compromised?
I've recently received a lot of spam replies (automated replies from users, and rejections from mail servers) to a certain email address. I've taken the obvious precautions of changing passwords, and ...
-2 votes, 1 answer, 130 views
When is an email rejected by the receiving server? [duplicate]
Currently, I am working on a web application and wanted to create a web form to let users write emails through it. So, they would have to set their email address and the message and after clicking "...
0 votes, 0 answers, 278 views
Identifying suspicious outgoing SMTP connections (a.k.a. spam) after CBL listing
The IP of my email server has been listed on Spamhaus CBL, which states that the server "attempted to send email without using the HELO/EHLO command", "[which] is generally indicative of a broken ...
-1 votes, 1 answer, 638 views
How to block this spam bot using htaccess?
I have this spam bot showing in Google Analytics (screen capture).
I tried blocking it using this htaccess configuration
RewriteCond %{HTTP:Accept-Language} (Trump) [NC]
RewriteRule .* www.google....
1 vote, 0 answers, 61 views
How can I know how an email account was breached? [duplicate]
It seems that a spammer cracked an email account and all my SMTP relays were consumed. My server is a VPS CentOS.
I have taken every prevention method I have found on the CPanel documentation and ...
1 vote, 0 answers, 34 views
How I can look from that script runs sendmail? [duplicate]
My problem is that some script in PHP or some other script or program is sending spam.
I am not able to trace where this program runs.
Do the following:
ps aux | grep sendmail
nginx 28286 0.0 ...
2 votes, 2 answers, 3k views
Apache access log full of unauthorized and suspicious requests, how to take action
I have set up a small tiny VPS for my own website. Since it was live, I see much suspicious activity in the access.log file. When I was on a shared hosting I did not have access to this file and ...
1 vote, 1 answer, 534 views
nginx spam 404 errors
My server is spammed by multiple XXX domains, there are a lot of 404 errors in my logs and I can't find the solution to stop that.
2015/07/31 09:13:20 [error] 7070#0: *610 open() "/var/www/domain/...
0 votes, 1 answer, 1k views
Block an http referrer on the server level
I am seeing multiple fake http referrers to several sites on my server, which for the most part doesn't bother me, except that they distort visitor stats.
I have filtered the questionable domains out ...
2 votes, 2 answers, 699 views
My site is suddenly getting slammed, not legitimate traffic
I run a site with about 700 registered users. On a typical day, there are 30-50 hits.
In the last three days, the traffic has increased insanely fast (according to Google Analytics). I got 7,287 hits ...
0 votes, 1 answer, 2k views
Getting lots of traffic from Russia to an unpublished site
I am currently building a website. Currently nobody knows about it but it is already reachable for testing purposes. Now I saw that I get a lot of traffic from Russia (it's a German website hosted on ...
0 votes, 1 answer, 452 views
Apache2 Mod_spamhaus Whitelist
We are using Apache2 mod_spamhaus and many customers were banned using the "Post" method.
There is no way to deny mod_spamhaus ban continuously our customers making false positive or ban ...
0 votes, 2 answers, 170 views
Dealing with Apache spam
I am receiving a lot of suspicious requests which cause Apache to use a lot of memory (over 1GB)
[Mon Feb 24 09:48:29 2014] [error] [client 120.37.238.125] PHP Fatal error: Allowed memory size of ...
6 votes, 4 answers, 4k views
How can I block outside mail FROM [email protected]?
A security firm has been testing my mail server and claims my Postfix daemon is an open relay. The evidence is as follows (valid public IP for mail.mydomain.com has been changed to 10.1.1.1 for ...
1 vote, 3 answers, 2k views
How to prevent Linux server from spamming?
I installed mail scanner for spam protection, but is there any script for Linux to notify me or email me that someone is spamming on my server?
0 votes, 1 answer, 207 views
Global Authority for Blacklisting IPs
I know that there are a few common ways to block attacking IPs (such as deny in htaccess). In addition to that, we could get a huge list of IPs to block from misc sites such as:
http://www.okean.com/...
3 votes, 3 answers, 4k views
How to find which local process is sending spam on a Windows Server 2008 server
I am managing a Win Server 2008 system with a number of hosted web sites. Recently I found that something was sending spam through our SMTP server. The logs indicate that the connections were being ...
0 votes, 1 answer, 715 views
Security Risks of catch-all email address [closed]
What additional security issues does an MTA and email client face if a catch-all email address is set up on a sub-domain (that isn't published/publicly listed anywhere) compared with setting up ...
1 vote, 1 answer, 910 views
Why is FunWebProducts flooding my server?
I have received 47 000 hits in the past couple of hours from a single domain. I researched FunWebProducts but it seems to be some kind of a plugin, not sure how this is possible?
89.70.25.120 - - [03/...
-2 votes, 2 answers, 315 views
Nginx massive error.log, am I being DDOSed?
So I just opened up my Nginx error log as all my pages are throwing error code 500.
It's enormous, my site is still in development and there are well over 100k errors for resources Nginx was unable ...
0 votes, 1 answer, 110 views
Common ways of spam files ending up in a web directory
A friend discovered a bunch of spam files in his web directory on his web host the other day. He has no idea where they came from, and I'm not quite sure either.
What are common security breaches ...
2 votes, 1 answer, 540 views
Issue of tracking an email that was "lost in cyberspace"
The issue here is one of an email that has been "lost in cyberspace." The receiver is claiming never to have received it. However, I received an automated out-of-office reply as a response to my email....
0 votes, 1 answer, 105 views
Published and updated mass email statistics?
I'm wondering if someone is publishing statistics on email usage on the internet.
The main number I'm looking for is average message size on a large scale sample data over time.
If someone doing ...
0 votes, 4 answers, 2k views
Unexpected requests from an IP in San Antonio.. should I worry?
I've noticed on my server log that I receive unexpected requests from an IP in San Antonio. Is this spam?
They visit phpMyAdmin, admin, etc. Is this spam?
184.106.130.137 184.106.149.110 - [21/Nov/...
5 votes, 2 answers, 382 views
Attack from anonymous proxy
We got attacked by some very-bored teenagers registering in our forums and posting very explicit material using anonymous proxy websites, like http://proxify.com/
Is there a way to check the ...
0 votes, 2 answers, 3k views
SMTP hacked by spammer using base64 encoding to authenticate [closed]
Over the past day we've detected someone from China using our server to send spam email. It's very likely that he's using a weak username/password to access our SMTP server, but the problem is that he ...
1 vote, 3 answers, 408 views
Blocking a distributed, consistent spam attack? Could it be something more serious?
I will do my best to try and explain this as it's strange and confusing to me. I posted a little while ago about a sustained spike in mysql queries on a VPS I had recently set up. It turned out to be a ...
82 votes, 11 answers, 91k views
Dealing with HTTP w00tw00t attacks
I have a server with apache and I recently installed mod_security2 because I get attacked a lot by this:
My apache version is apache v2.2.3 and I use mod_security2.c
These were the entries from the ...
6 votes, 4 answers, 4k views
How do you test a new email filtering system?
What method do you use to test or evaluate potential new email filtering systems before you set it up on your production network?
I am particularly interested in methods that are appropriate for ...
5 votes, 7 answers, 16k views
How to check my linux server isn't spamming
I'm worried about dodgy PHP scripts or other malicious software on my Linux server sending out spam. Or maybe I left an open relay.
What are the ways to check I'm not sending any spam out?
0 votes, 2 answers, 300 views
I found a Ukrainian spammer and have the exact query, IP and access time. What next?
Before I turned on comment moderation, these guys would leave comments meant to steal my Google juice (by getting an inbound link). I can still see them visit... the question is
what should I do next?...
3 votes, 5 answers, 1k views
Blacklisting: IP's or domains?
I am implementing a blacklisting system on my website that monitors contact forms for suspicious usage (both spam content and excessive frequency).
When I find somebody / robot that meets my criteria ...
0 votes, 2 answers, 2k views
Server hacked for SPAM, The BAT in X-Mailer
Our server has been hacked and I am trying to track down the cause. The server is being used for SPAM purposes and it looks like IIS is being used to send the emails as the badmail and queue folder are ...
3 votes, 5 answers, 243 views
What Security Suite to choose?
What security suite would you recommend in an environment consisting of roughly 120 PC's and some 30 servers? Environment is MS only, so Exchange and ISA must also be supported.
23 votes, 9 answers, 44k views
Relatively easy way to block all traffic from a specific country?
I have a web app that has no users in the Philippines, but is constantly bombarded by spammers, carders testing cards, and other undesirable activity from there. I can see in the logs that they have ...
2 votes, 4 answers, 308 views
What is the best way to deal with spam or virus infected hosts in a wireless network with personal laptops?
What is the best way to deal with spam or virus infected hosts in a wireless network with personal laptops (like personal students laptops in university)? What policies and tools does your company use?
4 votes, 3 answers, 528 views
How to detect form spamming on your web servers?
If you run hundreds of web sites on your servers, what is the most efficient, automated way to detect if bots are using your HTML forms to send spam email, even if your forms have some kind of ...