  1. #1
    SitePoint Zealot
    Join Date
    May 2005
    Posts
    172
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Frequent Web Server Blacklisting - What to do?

    Hi

    For at least a couple of years now, on and off, our supported dedicated web server has been frequently added to a handful of blacklists (UCEPROTECTL1, SPAMCOP etc) and suffered, during that blacklisting, a Poor reputation on senderbase.org.

    The result is a series of calls and emails from upset clients who host with us complaining that their outbound email is bouncing and that some inbound is not reaching them. Lasts for 7 to 10 days or so. Bit of a drag all round then.

    The cause invariably is one of our clients' web hosting accounts being compromised and sending out thousands of emails.

    When we discover we are blacklisted - several hours after the problem first occurred - we change the passwords and gradually recover our reputation and are removed from blacklists. Until the next incident.....

    There are, I'm afraid, rather a lot of accounts set up on the server - 283 in total.

    And rather a mixed bag in terms of 'quality' - some tech savvy clients and others who may be less than diligent with their own pc security.

    When we have raised this problem with our server's support they have suggested that we are always likely to have problems with such a large number of accounts - some with weak passwords and security.

    And the problems keep on coming. 1 to 2 incidents a month.

    Given that we appear to have no end of clients whose accounts can be compromised, either on, or off, the server, does anybody have any suggestions for what we can do to prevent thousands of emails being sent out - both short and long term?

    I'm thinking of:-
    - ways to configure the server to prevent thousands of emails being sent.
    - Services which alert us to blacklisting
    - ways to manage clients email going forward
    etc etc

    Just for your info the server is :- Intel™ Xeon Starlake E5205 1.86GHz (Dual Core), 2GB DDR2 ECC SDRAM, 50gig Diskless Storage, Linux CentOS.

    TIA
    Pete

  2. #2
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Location
    Scotland
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How is the server configured, does it have a control panel like cPanel or are you running everything from ssh?

    I would be concerned more about your server security/hardening techniques to be honest if you are experiencing this often.
    Free2host.co.uk - My longest ever project at 10 years

  3. #3
    SitePoint Zealot
    Join Date
    May 2005
    Posts
    172
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yep. It has Cpanel.

  4. #4
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Location
    Scotland
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rooftop View Post
    Yep. It has Cpanel.

    Ok well that's much easier then, from within WHM: Server Configuration > Tweak Settings > Mail > Max hourly emails per domain. You can limit the number of outgoing mails each account can send per month. It will help you significantly by setting a cap.

    In addition to that just do a simple check every couple of days or even once a week on the mail Q's. Again in WHM Email > click View Sent Summary, enter a date range and it will show you where all the mail is coming from; generally speaking it is easy to see where there may be an issue. You can check suspicious volumes to see what is actually being sent and spam can be spotted from a mile off.
    Free2host.co.uk - My longest ever project at 10 years
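
Between manual checks of View Sent Summary, the same per-account volume check can be run directly over the mail log. This is an added example, not part of the original posts or cPanel's own tooling; it assumes Exim main-log format (cPanel's MTA, normally `/var/log/exim_mainlog`), and the sample lines, function names and limit of 5 are constructed for illustration.

```python
import re
from collections import Counter

# Exim main-log arrival line: "<date> <time> <msgid> <= <envelope sender> <fields...>"
ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}):\d{2}:\d{2} \S+ <= (\S+)(.*)$")
AUTH_LOGIN = re.compile(r"\bA=\w+:(\S+)")   # authenticated SMTP login (mail client)
LOCAL_USER = re.compile(r"\bU=(\S+)")       # local account (scripts, webmail)

def hourly_counts(lines):
    """Count accepted messages per (hour, sending identity)."""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue                      # deliveries ("=>"), errors, etc.
        hour, sender, rest = m.groups()
        if sender == "<>":
            continue                      # bounce generated by the server itself
        who = AUTH_LOGIN.search(rest) or LOCAL_USER.search(rest)
        counts[(hour, who.group(1) if who else sender)] += 1
    return counts

def over_limit(lines, limit):
    """Return (hour, identity, count) for every identity above the hourly limit."""
    return sorted((h, who, n)
                  for (h, who), n in hourly_counts(lines).items() if n > limit)

# Constructed sample: one normal authenticated sender, one bounce, one delivery
# line, and a local account that sends six messages within the same hour.
SAMPLE_LOG = [
    "2013-06-01 09:58:11 1UiAAA-0001aB-01 <= alice@example.org H=(pc) "
    "[203.0.113.5] P=esmtpa A=dovecot_login:alice@example.org S=2048",
    "2013-06-01 10:59:40 1UiAAC-0001aB-03 <= <> R=1UiAAB-0001aB-02 "
    "U=mailnull P=local S=1500",
    "2013-06-01 10:59:41 1UiAAB-0001aB-02 => bob@example.com "
    "R=dkim_lookuphost T=dkim_remote_smtp",
] + [
    f"2013-06-01 10:{m:02d}:07 1UiB{m:02d}-0001aB-04 <= "
    "shopuser@host.example.net U=shopuser P=local S=912"
    for m in range(6)
]

if __name__ == "__main__":
    for hour, who, n in over_limit(SAMPLE_LOG, limit=5):
        print(f"{hour}:00  {who}  {n} messages")
```

Run from cron against the live log, the flagged identity tells you which account's password to change hours before a blacklist listing would.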

  5. #5
    SitePoint Zealot
    Join Date
    May 2005
    Posts
    172
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Excellent Tip. Excellent. Thank you.

  6. #6
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Location
    Scotland
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You're welcome, now as you are running cPanel you should also install CSF, it's a firewall, spam detector and many other things, including options to monitor mail and send you email alerts if it's excessive. If you already have it installed go and look in the configuration section.

    If you are not using it (it's free and used by pretty much most cPanel hosts) go check it here:

    http://configserver.com/cp/csf.html

    And very easy to install > http://configserver.com/free/csf/install.txt

    Just be careful if you are already running a different firewall or have your own iptables rules running as it could remove them.
    Free2host.co.uk - My longest ever project at 10 years

  7. #7
    Certified Ethical Hacker dklynn
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Additionally, have the host install maldet and have it run on AT LEAST a daily basis (I'd do it every six hours with that number of accounts). Maldet will scan for malware which is installed by your clients and/or hackers and will notify you of its presence (I believe it can also delete the offending code). SUSPEND any account with a maldet warning and advise the client that the account will be closed if they can't keep their website secure. ALL your clients will appreciate the increase in "quality" you mentioned as everyone is injured by your failure to maintain server security.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  8. #8
    SitePoint Zealot
    Join Date
    May 2005
    Posts
    172
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks both. I will check out both of these programs and run them by our Support.

