Hi,
I would like to report a spam action on my web server running Kloxo MR, My web server has been blacklisted by Barracuda and I wanted to discover why so I found a way to follow scripts using PHP mail function. So to get this, I used an easy way:
Adding two line in /etc/php.ini in [Mail Function] part:
- mail.add_x_header = On
- mail.log = /var/log/phpmail.log
I created a file phpmail.log at the good place with CH777 to report all the PHP scripts that uses PHP mail function and then restarted Apache.
After this, I could read the scripts and found the spam source: It's a script on a website in China with IP 124.173.132.30 =>
http://www.faret.cn/anzo.txtHow is it possible to send spam from an external script?
I wanted to blacklist spammer IP with "Blocked Hosts" option in Kloxo Panel but this option does not work as I reported here in this post =>
http://forum.mratwork.com/kloxo-mr-technical-helps/blocked-hosts-for-localhost-do-not-blacklist-ip-in-kloxo-mr/What do you suggest to protect my server from external scripts like this one? Is Spamdyke useful for this?
Thanks for helping :-)
Here is below the spam sent by spammer to many recipients: this mail is blocked in mail queue by the way.
mail() on [http://www.faret.cn/anzo.txt?
:193]: To: bin@iptransit.net -- Headers: From: Kenneth Williams <kwilliams174@yahoo.com> Reply-To: kwilliams174@yahoo.com MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Hello , My name is Mr.Kenneth Williams,A America citizen that live in Liberia ,Am sick for Ebola Virus Disease , Am an oil business man that made so much wealth in Africa,Right here my family and associate cannot come to see me because of the disease , Doctor has confirm to me that i will be death in 9 days time,I have wrote to my bank account officer to transfer $10 million to you ,so that you will take 20% and help me donate 80% to the charity home,This is my last wish as doctor has confirmed that i cannot live any more, Please kindly contact her now on Ms.Helen Adams Email: helenadams842@yahoo.com ,I have instructed her to work out the modalities and you will disburse the funds to various charity home in the world.May God bless you as you work with my instruction,You may not hear from me again as am very weak,Just manage to type this message,cooperate with my account officer Ms.Helen,Bye Kenneth Williams