Page 1 of 1
help ip listed as spam
Posted: Thu Nov 12, 2015 10:18 am
by RogerVer
Can someone tell me what i can do here ?
Re: help ip listed as spam
Posted: Thu Nov 12, 2015 12:01 pm
by DRS
It's not very hard.
First analyzes on how many list is your IP:
http://multirbl.valli.org/lookup/
Then send an email to each list and ask to be removed from it.
Also try with:
http://www.sorbs.net/ -> Delist an IP Address
Re: help ip listed as spam
Posted: Thu Nov 12, 2015 12:44 pm
by RogerVer
i am trying to figure out how to find which account is compromised on the server
the logs in /var/log are no help
Re: help ip listed as spam
Posted: Thu Nov 12, 2015 3:25 pm
by skurudo
Use mailq for see your log queue.
exim -Mvh message-id-from queue -- headers
exim -Mvb message-id-from queue -- body message
Search php script, which send all this spam mail.
It seems from php-shell.
You can use maldet for search this php-shell -
https://www.rfxn.com/projects/linux-malware-detect/
Re: help ip listed as spam
Posted: Fri Nov 13, 2015 2:12 am
by RogerVer
i am in single user mode now because the hosting company has it blocked
and i did run maldet
didnt find anything
can i see usage per account somewhere ?
Re: help ip listed as spam
Posted: Fri Nov 13, 2015 10:56 am
by skurudo
RogerVer wrote:i am in single user mode now because the hosting company has it blocked
didnt find anything
can i see usage per account somewhere ?
But you have root access and can see mail queue? If so, then you can search for spam script and delete it.
Use mailq for see your mail queue.
exim -Mvh message-id-from queue -- headers
exim -Mvb message-id-from queue -- body message
Re: help ip listed as spam
Posted: Sat Nov 14, 2015 4:06 am
by RogerVer
thank you guys
i think i found the script and have deleted it
i had to mount the disk
then to go spool/exim/
and read through the files ( over 18K file s)
rebooted and watching it now