Blog Header Banner

Archive for the ‘block spam’ tag

Stop Spammers From Abusing Your Web Hosting Server   no comments

Posted at Aug 5, 2010 @ 12:47pm Ask the Expert,Web hosting

Today, spam is a fact of life. Because of the daily spam deluge (and those over-zealous anti-spam systems) many email communications require a follow up phone call… “did you get my email?”

You may not realize it, but if you send emails through your web hosting server or virtual server and operate a web hosting business, web development business or host your email with a web hosting company, you have likely had some trouble getting your emails through. Often the reason is that your server has been used to send spam without your knowledge. Most of today’s web hosting companies employ automated protection to stop such things, and catch abuse before it gets out of hand. But spammers are getting more clever and an increasing number of stealth spamming techniques can bypass these systems.

Many web hosting companies resell web hosting, and their resellers (unbeknownst to them) send out spam. This can result in the blacklisting of the entire server, and everyone on it, which will keep most (if not all) emails sent from the server from ever reaching their destinations. Of course, it is the web host’s responsibility to carefully monitor their clients and web sites on their server(s) to make sure this never happens. Traditionally, this hasn’t been too difficult. Today’s modern web hosting systems employ advanced abuse tracking and header info in every email making it easy to catch and stop this type of abuse before it becomes a problem.

Lately, however, this has become a lot harder. There is a new wave of spam abuse that hides under the radar, bypassing the web server’s normal email system(s) by opening up a small cgi program, which then operates as a small mail sending server, which then floods spam out onto the Internet. Unfortunately, none of the traditional monitoring systems are able to detect this sort of stealth spamming. Naturally, for this reason, it has become very popular.

Fortunately, here at TurnKey, we’ve figured out a fix for web hosts and developers using cPanel (this will work on other servers, such as Plesk and DirectAdmin as well). Our fix will stop stealth spam dead in its tracks! Until it is a built-in a feature in all hosting companies’ server offerings, make sure you ask your web hosting company to set this up for your server. Alternatively, you can pick a web hosting company that takes care of it themselves (like TurnKey Internet).

First, login to your cPanel server via the unix shell and install CSF firewall. Follow the usual instructions here:

mkdir /usr/local/src
cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar xfz csf.tgz
cd csf
./install.sh

On a cPanel based server, all the default settings are what you want, with 2 exceptions:

Open the configuration file in your favorite text editor (/etc/csf.conf) and change the following lines:

TESTING = “1” change to TESTING = “0”

NEXT:  you need to change 2 more lines, the SMTP_BLOCK and SMTP_ALLOWLOCAL to the following values:

SMTP_BLOCK = “1”

SMTP_ALLOWLOCAL = “0”

This will block outbound emails from anyone other than the mail server software, and prevent any unauthorized access to the mail daemon from local scripts.  Your web hosting clients, and web pages will still be able to send email like before (they use a proper method of communicating to the mail daemon already, this above trick is just to block stealth spammers from working).

 

restart the firewall by typing:

/etc/init.d/csf restart

If all goes well your server will now be protected by a firewall with an added check to prevent spammers from sending emails that avoid the normal php_mail or other local mail sending method (which lets you track and log all emails, put in abuse headers by default, etc.).

Next time on Ask the Expert, we will show you how to optimize your server to really cut down on abuse from spammers.

Follow Us : Facebooktwitterlinkedinyoutubeinstagram
Share : Facebooktwitterredditlinkedinmail

Written by admin on August 5th, 2010

Tagged with , , , ,