Spam Prevention

IT_Architect

I recently had a PHP exploit that came as a result of a customer installing a PHP send-a-link-to-a-friend form that he downloaded from a code snippet site. The problem is, it was open to BCC injection. I fixed the script, and things were fine for about a week. Then we ended up on 3 blacklists which were the result of the earlier lapse. I am off the lists now, but my interest is in the best way to prevent this from occurring again.

When there is an exploit, the email address used as the sender is always fake so that nobody receives bounce messages. They end up in the default account for the domain, which customers never monitor. The reason we discovered it was growth in disk requirements of a stable domain.

Our solution was to monitor the default domain accounts. We found more than exploits. We found thousands of failed cron job messages for the individual domains. A whole lot of issues were cleared up by employing this method.

However, this method has some limitations. Our method only catches spam that the user DID NOT INTENTIONALLY send and whose account has not been compromised, e.g. script exploits. It would not catch the situation where you are hosting a spammer or one whose account has been compromised. What do you use to detect a spammer operating on your servers?
 
Only the most naive spammers will buy an account and use it to spam, and you'll probably know it rather quickly if it happens to you.

Because so many spam emails are to nonexistent addresses, you'll see your exim queue fill up with thousands of frozen messages.

That said, since most spammers use a lot of AOL addresses you should probably set up a feedback loop with AOL here.
Once you do that, AOL will send a copy to you of each email sent from your server for which someone clicked the Spam button.

You'll find that most of the spam is either email your client forwarded from his address on your server to AOL and then marked as spam, or due to broken forms. Then you can educate your clients to resolve the former, and turn off forms and notify your clients about the latter so they can fix them.

While the good news is that most real spammers don't use accounts on webhosts anymore, if anyone does, you'll find them quickly that way, if they ever get an account on your server.

Jeff
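One way to turn the frozen-queue observation above into a routine check, as an added example that is not code from this thread: it parses `exim -bp` output (assumed format: age, size, message id, `<envelope sender>`, optional `*** frozen ***`, then indented recipient lines) and groups frozen messages by envelope sender, since an exploited form or compromised account tends to show up as one forged sender with many frozen bounces. The sample queue listing is constructed.

```python
import re
from collections import Counter

# Constructed sample of `exim -bp` output; not captured from a real server.
SAMPLE_QUEUE = """\
 25m  1.2K 1aBcDe-000123-4X <bogus123@example.com> *** frozen ***
          nobody@mail.example.net

 26m  1.2K 1aBcDf-000124-5Y <bogus123@example.com> *** frozen ***
          badaddr@example.org

  3m  4.5K 1aBcDg-000125-6Z <alice@customer.example>
          bob@example.org

 30m  1.1K 1aBcDh-000126-7A <bogus456@example.com> *** frozen ***
          noone@example.net
"""

# Matches the header line of each queue entry (assumed exim -bp layout);
# indented recipient lines have fewer fields and therefore do not match.
HEADER_RE = re.compile(
    r"^\s*(?P<age>\S+)\s+(?P<size>\S+)\s+(?P<id>\S+)\s+"
    r"<(?P<sender>[^>]*)>(?P<frozen>\s+\*\*\* frozen \*\*\*)?\s*$"
)


def parse_queue(text):
    """Return (message_id, envelope_sender, is_frozen) for each queued message."""
    entries = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            entries.append((m.group("id"), m.group("sender"), m.group("frozen") is not None))
    return entries


def frozen_by_sender(entries):
    """Count frozen messages per envelope sender (an empty sender is a bounce)."""
    return Counter(sender for _, sender, frozen in entries if frozen)


def suspicious_senders(entries, threshold):
    """Senders whose frozen-message count reaches the threshold, most frozen first;
    these are the addresses to trace back to a form or account on the box."""
    counts = frozen_by_sender(entries)
    return [(sender, n) for sender, n in counts.most_common() if n >= threshold]
```

Feed it the live listing with `parse_queue(subprocess.check_output(["exim", "-bp"], text=True))` from a cron job and alert on whatever `suspicious_senders` returns.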
 
jlasman said:
That said, since most spammers use a lot of AOL addresses you should probably set up a feedback loop with AOL here.
Once you do that, AOL will send a copy to you of each email sent from your server for which someone clicked the Spam button.

That's a gem that I can use.

Thanks!
 