You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 40 guest(s) and 2 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Spam Relay? [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Spam Relay?
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
Author Message
mickyfinn
Nuke Soldier
Nuke Soldier


Joined: Jul 05, 2003
Posts: 18
PostPosted: Thu Jul 17, 2003 7:39 pm Reply with quoteBack to top
I've started getting a lot of undeliverable message warnings from various mail daemons and so I suspect that someone is using an open mail relay or vulnerability in my site.

The bulk of my site is php-nuke 6.5. There are several pages that are simple php applications as well.

Anyone got a good white paper on closing these types of holes? I'm not really sure where to start.

Micky Evil or Very Mad
Find all posts by mickyfinnView user's profileSend private message
MikeMiles
Lieutenant
Lieutenant


Joined: May 29, 2003
Posts: 231
PostPosted: Fri Jul 18, 2003 1:19 am Reply with quoteBack to top
I would say the first place to start is see if your IP is on the spammer blacklist. A lot of ISPs are using them these days. There's a few lists and you can find them by doing a search on Google. Go to Google's Group tab and enter your IP or domain there too to see if it pops up under any newsgroup for spamming.

If you aren't on a spam list and are running a mail server from home, you could be getting blocked just for that. AOL has been banning any email orginating from home mail servers or any with dynamic IPs. This is another spam prevention. Not sure who else does this besides AOL, but I wouldn't be surprised if more do the same. If you are getting blocked because of this, the only way around it is to use your ISPs SMTP connection.

Lastly, check your logs. They will give a clue if someone is exploiting something on your server. If so, most likely it will show exactly where.
Find all posts by MikeMilesView user's profileSend private message
mickyfinn
Nuke Soldier
Nuke Soldier


Joined: Jul 05, 2003
Posts: 18
PostPosted: Fri Jul 18, 2003 4:00 am Reply with quoteBack to top
Mike,

Thanks for the advice.

To be clear, I'm hosted at Pair networks. I'm not an expert with apache logs, but I know theres a php routine that will parse the logs, so I'll check to see if there's anything that looks weird.

My main problem is that I don't really know how this type of abuse is conducted, whether phpMail is the problem or it's just sending through the smtp relay. I'm pretty new to this problem and the web hasn't been particularly enlightening.

Regards,

Micky
Find all posts by mickyfinnView user's profileSend private message
Zhen-Xjell
Nuke Cops Founder
Nuke Cops Founder


Joined: Nov 14, 2002
Posts: 5939
PostPosted: Fri Jul 18, 2003 5:33 am Reply with quoteBack to top
Try this page to test your server:

http://www.abuse.net/relay.html

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Find all posts by Zhen-XjellView user's profileSend private messageSend e-mailVisit poster's website
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.263 Seconds - 266 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::