Blacklisted
#1
Blacklisted
Hello everyone!

I have a new problem... :(
I've just found out that the IP of my server is listed in 5 blacklists.
All reports say it is because of spamming. My question is... how can I know the source of this?
My server is supposed to be sending lots of spam, but I'm lost on how to troubleshoot this.

Any help would be appreciated.
#2
RE: Blacklisted
For starters, check your mail logs for emails being sent from addresses that are not yours.
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
#3
RE: Blacklisted
(10-05-2017, 01:36 PM)TGates Wrote: For starters, check your mail logs for emails being sent from addresses that are not yours.

Checked.
Lots of !"#$#" in the logs. I need help on how to stop sending spam... please!!
#4
RE: Blacklisted
Check the websites for any new files uploaded in the last period when the activity started; you will quickly see the culprit.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
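The file check suggested in post #4, as an added example that is not part of the thread: it lists PHP files under a web root whose modification time falls inside a given window and marks any that sit in an uploads directory. The demo tree, its paths and the dates are constructed; timestamps use the POSIX `touch -t` form CCYYMMDDhhmm.

```shell
#!/bin/sh
# Added example: list PHP files changed inside the window in which the spam
# started. Modification times can be reset by whoever wrote the file, so an
# empty result narrows the search but does not clear the site.
recent_php() {  # usage: recent_php WEBROOT FROM TO
    ref=$(mktemp -d) || return 1
    touch -t "$2" "$ref/from"
    touch -t "$3" "$ref/to"
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) \
        -newer "$ref/from" ! -newer "$ref/to" | sort |
    while IFS= read -r f; do
        case "$f" in
            # PHP inside a WordPress uploads directory is rarely legitimate.
            */uploads/*) echo "UPLOADS $f" ;;
            *)           echo "CHANGED $f" ;;
        esac
    done
    rm -rf "$ref"
}

# Constructed demo tree: one old file, two files touched inside the window.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads/2017/10" "$d/wp-content/themes/demo"
    echo '<?php' > "$d/index.php"
    echo '<?php' > "$d/wp-content/themes/demo/functions.php"
    echo '<?php' > "$d/wp-content/uploads/2017/10/cache.php"
    touch -t 201701010000 "$d/index.php"
    touch -t 201710031200 "$d/wp-content/themes/demo/functions.php"
    touch -t 201710040300 "$d/wp-content/uploads/2017/10/cache.php"
    echo "$d"
}

root=$(demo_tree)
recent_php "$root" 201710010000 201710060000
rm -rf "$root"
```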
#5
RE: Blacklisted
(10-05-2017, 06:34 PM)Me.B Wrote: Check the websites for any new files uploaded in the last period when the activity started; you will quickly see the culprit.

Websites were checked and there was no suspicious activity there. I updated everything that needed to be updated.
This morning I received notification that the IP address was removed from some of the blacklists since we are no longer spamming.
Besides the updates made to plugins in WordPress sites, the only thing I did was flush the mail queue, so I have no idea what the cause of the problem was.
#6
RE: Blacklisted
It could have been a WordPress plugin. A lot of them have been known to have vulnerabilities :(
Updating everything may have fixed the issue.
-TGates - Project Council
#7
RE: Blacklisted
Weak passwords would allow hackers to use ESMTP on your servers and so to spam.

But I'm almost 100% sure you got a website hacked. Do you have any CMS there? Joomla? WP? Forums?

M B
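One way to act on the log advice in post #2 and to tell apart the two causes raised in post #7, as an added example that is not part of the thread: the script groups Postfix log entries by how each message entered the queue. The log lines are constructed, and uid 33 being the web server account is an assumption (the Debian/Ubuntu default).

```shell
#!/bin/sh
# Added example: count how messages entered the Postfix queue, grouped by
# injection path, from mail.log-style input (file arguments or stdin).
triage_mail_log() {
    awk '
    # Local submission via the sendmail binary, which is what PHP mail() uses:
    #   postfix/pickup[pid]: QUEUEID: uid=33 from=<www-data>
    /postfix\/pickup\[/ && match($0, /uid=[0-9]+/) {
        n["local-submission " substr($0, RSTART, RLENGTH)]++
        next
    }
    # SMTP submission; sasl_username appears only for authenticated clients:
    #   postfix/smtpd[pid]: QUEUEID: client=host[ip], sasl_username=user
    /postfix\/smtpd\[/ && /: client=/ {
        if (match($0, /sasl_username=[^, ]+/))
            key = "smtp-auth " substr($0, RSTART, RLENGTH)
        else {
            match($0, /client=[^, ]+/)
            key = "smtp-noauth " substr($0, RSTART, RLENGTH)
        }
        n[key]++
    }
    END { for (k in n) printf "%d %s\n", n[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses, not from the thread).
sample_log() {
    cat <<'EOF'
Oct  4 03:12:01 srv postfix/pickup[2211]: 3F2A1C0A12: uid=33 from=<www-data>
Oct  4 03:12:01 srv postfix/qmgr[1100]: 3F2A1C0A12: from=<www-data@srv.example.test>, size=1523, nrcpt=1 (queue active)
Oct  4 03:12:02 srv postfix/pickup[2211]: 4A7B2C0A13: uid=33 from=<www-data>
Oct  4 03:12:03 srv postfix/pickup[2211]: 5C8D3C0A14: uid=33 from=<www-data>
Oct  4 03:12:05 srv postfix/smtpd[2301]: 7B9D2C0A15: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.test
Oct  4 03:12:09 srv postfix/smtpd[2301]: 7E1F4C0A16: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.test
Oct  4 03:12:11 srv postfix/smtpd[2302]: 8C1E3C0A17: client=mail.example.net[198.51.100.9]
EOF
}

sample_log | triage_mail_log
```

On a real server, pass the log file as the argument (for example `triage_mail_log /var/log/mail.log`, path assumed). A large `local-submission` count under the web server's uid points at a script on a website, while a large `smtp-auth` count points at a mailbox whose password is being used.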
#8
RE: Blacklisted
(10-06-2017, 05:11 AM)Me.B Wrote: Weak passwords would allow hackers to use ESMTP on your servers and so to spam.

But I'm almost 100% sure you got a website hacked. Do you have any CMS there? Joomla? WP? Forums?

M B

Just WordPress.
#9
RE: Blacklisted
I have made some changes to his Postfix config, but with weak passwords those changes may not help 100%; they should still help a bit. (For example: blocking email pass-through/only allowing emails from the server, no relaying from outside sources, only valid hostnames, etc.)

His mail.log has been very quiet since I added the changes. Will keep monitoring it.

syslog still shows activity though. Watching that also.
-TGates - Project Council
#10
RE: Blacklisted
This is the reason why I do not use WordPress on my projects! Besides, you can build your own system with ease by creating your own databases and PHP files; basically, WordPress installs a lot of stuff that most website owners do not use at all.

Plugins are the major problem. You need to check plugin by plugin, and check the forums and updates provided. I found some issues with WordPress in this function: functions/theme-mail.php (check if that exists in your theme folder).

You should prevent direct access to files: if you identify the snippet above within your theme, add the following code after your opening PHP tags to prevent direct access to the file and further exploitation:

PHP Code:
// Refuse to run when this file is requested directly instead of being included.
if ( basename($_SERVER['PHP_SELF']) == basename(__FILE__) )
{
    die('Access Denied');
}

If you develop themes or plugins and they include files that shouldn’t be used outside of the original theme or plugin, consider using this trick to prevent direct access to the files.

Even so, that should fix the issue at least. WordPress users should also keep these issues in mind and employ preventative measures such as a Web Application Firewall (WAF).

I hope these guidelines help you in your further development.
'' Life is full of important choices ''
Help Sentora Donate now => http://sentora.org/donate
Thanks given by: TGates
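A way to find which theme or plugin files still lack the guard described in post #10, as an added example that is not part of the thread: it lists PHP files with no recognisable direct-access check in their first 30 lines. The demo theme is constructed, and recognising WordPress's `defined('ABSPATH')` check alongside the post's `basename(__FILE__)` comparison is an addition here.

```shell
#!/bin/sh
# Added example: list PHP files under a theme or plugin tree that show no
# direct-access guard in their first 30 lines (heuristic text match).
unguarded_php() {  # usage: unguarded_php DIR
    # Two guard forms are recognised: the basename(__FILE__) comparison from
    # the post, and the defined('ABSPATH') check ("." matches either quote).
    guard='basename\([[:space:]]*__FILE__|defined\([[:space:]]*.ABSPATH.'
    find "$1" -type f -name '*.php' | sort |
    while IFS= read -r f; do
        sed -n '1,30p' "$f" | grep -Eq "$guard" || echo "$f"
    done
}

# Constructed demo theme: two guarded files and one unguarded file.
demo_theme() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/functions"
    printf '%s\n' '<?php' 'function demo_send() { return true; }' \
        > "$d/functions/theme-mail.php"
    printf '%s\n' '<?php' \
        'if ( basename($_SERVER["PHP_SELF"]) == basename(__FILE__) ) { die("Access Denied"); }' \
        > "$d/functions/guarded-a.php"
    printf '%s\n' '<?php' "if ( ! defined( 'ABSPATH' ) ) { exit; }" \
        > "$d/guarded-b.php"
    echo "$d"
}

theme=$(demo_theme)
unguarded_php "$theme"
rm -rf "$theme"
```

A file listed here is not necessarily exploitable; it is one that runs whatever top-level code it contains when requested by URL, so it is the place to start reading.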