hi. We recently migrated several sites to ispconfig, and these days I noticed a huge spam activity generating from our server. in the meantime while I look for the site used for this activity, is there some action we can take to mitigate the abuse of web scripts used for mailings? we're not using ispconfig as mailserver, just for sites mailing thanks
found out it's an outdated wordpress site. is it possible to monitor such events? i.e. can amavis find common scripts, like WSO?
Hello, If you are the administrator you can do everything. - Locate the script and check how and who is abusing it. - Disable features for this site if your customer doesn't need them. (cgi, python, perl, ssi, ruby) - Check for malware, php shell ... with clamav and rkhunter. - Force smtp auth - Disable mail() function Please note that I don't know nothing about your customer or your server. Cheers!
thanks pititis, my question was generic, on purpose. As I added I managed to stop this specific site and infection, what I wanted to know is if, for example, could be possible to execute a "clamav" on every uploaded file so that if it's a shell script or maliciuos file could be catched, or at least a warning triggered. Some "watcher" with the current settings. thanks!
