Spam issue - Can't find the spammer
ThePlanet has opened an abuse ticket on our account due to outgoing spam on our server. We have looked into it and could not find the source anywhere, and was therefore unable to suspend any accounts.
We therefore asked ThePlanet to investigate the issue using our only hour of administrative time.
Here was their response:
Originally Posted by
ThePlanet ticket response
We have made extensive checks of the system and checked the results of the extended Exim logging, but have been unable to determine the source of the emails. There is a possiblity the emails are being injected directly into the Exim queue, which would prevent them from being logged.
In the interests of finding out if any of the users on the system were generating these messages, we checked various aspects of the users and investigated one mailing script under one of the users that shows heavy use in the Apache logs. While the check cannot be regarded as comprehensive, it was lengthy and detailed with respect to issues we have seen in the past. We could not attribute any particular user to this problem.
An Abuse engineer and a Security engineer spent well over an hour working on this issue, however, we are only attributing the time spent towards your admin hour for the month of June for this server.
Further time may be spent on this issue by our personnel if you wish, but this would be at a cost of $75 per hour. Please advise if this is desirable, or if you would rather have your admins work on the issue. A rapid response by either party is highly desirable.
In the interests of finding out if any of the users on the system were generating these messages, we checked various aspects of the users and investigated one mailing script under one of the users that shows heavy use in the Apache logs. While the check cannot be regarded as comprehensive, it was lengthy and detailed with respect to issues we have seen in the past. We could not attribute any particular user to this problem.
An Abuse engineer and a Security engineer spent well over an hour working on this issue, however, we are only attributing the time spent towards your admin hour for the month of June for this server.
Further time may be spent on this issue by our personnel if you wish, but this would be at a cost of $75 per hour. Please advise if this is desirable, or if you would rather have your admins work on the issue. A rapid response by either party is highly desirable.
Since this issue arrised, I have blocked all emails from being sent from "nobody". I am not 100% sure if this will stop the spam for the time being.
Any suggestions?
Thank you in advance.
- Rich
