News:

Click here for Toll-Free Service for your business starting at $2.00 per month

Main Menu

Spam problem on West server

Started by admin, December 11, 2013, 04:37:18 PM

Previous topic - Next topic

admin

We have a spam problem on the West server.
The provider that machine is hosted with requires you to send all mail through their system.  They also limit you to 1,000 messages per day.  The server has been over capacity all month so far.

We will be clearing the mail queue on that machine.  If this continues, we may need to block the mail function by default on the servers like we used to do.

As a reminder, be sure all of your scripts are kept up to date.  Running outdated scripts is a great way to have your site hacked as well as problems like this (sending messages through an exploit in a script).

admin

[root@west bin]# ./qmail-qstat
messages in queue: 44524
messages in queue but not yet preprocessed: 120


I stopped the qmail-send processes just a few minutes ago and 120 more messages have been submitted in that short time.

I am still waiting on the Plesk interface to gather the information from the queue so the contents can be easily investigated.

If this continues, we may switch this server to use Postfix like East and EU, but at minimum, we will get the queue cleaned out and the account sending the mail disabled.

admin

Another minute and we have this in the queue

[root@west bin]# ./qmail-qstat
messages in queue: 44620
messages in queue but not yet preprocessed: 218

admin

The mail log is 109MB for today alone.  I see some sites sending massive messages to random addresses at gmail and will disable those sites.  When the information populates, we will see if there are others.

admin

Queue is up to

[root@west etc]# /var/qmail/bin/qmail-qstat
messages in queue: 44847
messages in queue but not yet preprocessed: 445


This was slightly after the last one.  The mail function has been disabled on the site in question and now the IP address that is hitting most of their pages has been blocked.

admin

On another note, we are scanning for outdated Wordpress installations.  The number we are finding is beyond acceptable.

We are going to have to institute a policy that you keep the latest version of these scripts installed, especially when there are  known exploits, else the account will have to be suspended.

admin

The mail queue has been cleaned of the invalid messages.  Messages should resume sending tomorrow.