I have an SPAMmer IP, how IP owner should act?

postcd Member

Hello,

From time to time someone injects a malicious .php file into one of my hosting accounts and sends out spam. OK, I find the script, remove it, try to protect against it in future, ban the IP and such. Today I found that this spam script was accessed in Apache by IP 216.158.., so I messaged webnx.com, who appears to be the owner. They asked me to provide "logs" so that they can forward them to the client.

I would like to ask what kind of log I should provide so that it is a good log. I can paste a line of text from the Apache access log, but I'm unsure how this can be any proof?! Anyone can write a line of text... As mail server I'm using Exim. Which commands do I need to run? Also, how should hosting providers act in a case like mine? Thanks

Comments

  • 4n0nx Member

    They will just forward the log to their client. This is to help the client figure out if/how their server is being used by someone else for an attack.

    I would not send an abuse mail, but rather make sure it can't happen again.

  • I think the question you should be asking is how they keep getting into your account.

    Your website or a script you are running probably has a vulnerability.

    Thanked by 3: 4n0nx, jar, Pwner
  • mikho Member, Host Rep

    Send them the text from your access log.
    Make sure you follow up with the abuse department in 24 hours.

    Also make 100% sure that you find the reason why they keep getting access to your server.

  • said: i find script, remove it, try to protect from future, ban IP and suc

    This is not the solution. You have to secure your server from scratch, as others are saying here. That means that you have to do a clean install from an ISO or image that is not hacked and has no hole (usually VPS providers do check their images or templates for that). Then, you have to secure your new server immediately after you install it (disable SSH password access, change the SSH port, and of course check your PC for vulnerabilities). Do not install any script, backup, files and/or existing database before doing a deep search for malicious code.
    Only then will you be able to have a clean VPS that is secure against spamming.

    Thanked by 1: sin
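
For the log question at the top of this thread, an added example (not written by any poster above) of pulling the access-log lines an abuse desk can act on: every request to the injected script from the reported network, with timestamps converted to UTC and the raw line kept alongside. The log lines, the script path `/uploads/mailer.php` and the documentation-range addresses are constructed; the Apache "combined" log format and an English locale for month names are assumed.

```python
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = [
    '203.0.113.45 - - [12/Mar/2015:23:58:07 -0500] "POST /uploads/mailer.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2015:23:58:09 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [13/Mar/2015:00:01:30 -0500] "POST /uploads/mailer.php?a=1 HTTP/1.1" 200 298 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Mar/2015:00:02:00 -0500] "POST /uploads/mailer.php HTTP/1.1" 404 0 "-" "curl/7.0"',
    'garbage line that is not in combined format',
]

def abuse_excerpt(lines, script_path, network):
    """Return sorted (utc_time, ip, method, path, status, raw_line) tuples for
    requests to script_path (query string ignored) from inside network."""
    net = ip_network(network)
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a combined-format line
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # hostname instead of an address (HostnameLookups on)
        if ip not in net or m["path"].split("?", 1)[0] != script_path:
            continue
        # The abuse desk is in another timezone: report UTC, keep the raw line.
        local = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        utc = local.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
        hits.append((utc, str(ip), m["method"], m["path"], int(m["status"]), raw))
    return sorted(hits)

def format_report(hits):
    """Render the hits as plain text for the body of an abuse report."""
    out = [f"{len(hits)} request(s), timestamps converted to UTC:"]
    for utc, ip, method, path, status, raw in hits:
        out.append(f"{utc}  {ip}  {method} {path} -> {status}")
        out.append(f"    raw: {raw}")
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(abuse_excerpt(SAMPLE_LOG, "/uploads/mailer.php", "203.0.113.0/24")))
```

Alongside the excerpt, state your own server's IP address and hostname, since the provider's client can only match the report against outbound connections to that destination at those times.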