Referrer Spam

Referrer spam is traffic from bots that impersonate a referral link. The pseudo traffic is designed to make their domain show up in your site analytics so that you’ll visit the site. Referrer spammers just forge the referrer of a http request to make their site show up in your logs/statistics. More information: http://blog.raventools.com/stop-referrer-spam/

Spam resources

rogue scripts, with the following two websites being useful for this practice: http://www.stopthehacker.com/ http://www.exploit-db.com/ The following two websites can also be highly useful as additional resources when experiencing a security compromise. http://google.com/webmasters/hacked/ http://stopbadware.org/webmaster-help

Is SpamAssassin Working

Check the header of an email X-Spam-Status: No, score=0.1 X-Spam-Score: 1 X-Spam-Bar: / X-Ham-Report: Spam detection software, running on the system "server.domain.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have…

Spam Check list

Check the mail queue in a plesk server: # /usr/local/psa/admin/bin/mailqueuemng -s mail queue is full of spam type messages like this: Subject: Mr.: 14623c9d 65% off for you! Sale Sale Sale!! Vigara – 0.54$, Cilias – 1.09$, Levtira – 1.15$.. and more more more… ” Steps to take: 1. Check the mail queue for suspicious…

Troubleshoot Postfix Spam

RE: http://kb.parallels.com/en/114845 [stextbox id=”info”]Symptoms: Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running if I am using Postfix?[/stextbox] [stextbox id=”warning”]Note:  This article is for Postfix.  If you are using the Qmail mail server, see this: http://geekdecoder.com/troubleshoot-qmail-spam/[/stextbox] Resolution Many email messages are sent from…

PHP Spam Scripts

PHP Spam Scripts I finally decided this topic deserves its own page. To find the script sending spam Plesk Ver -11.0 cat /var/www/vhosts/domain.com/statistics/logs/access_log | grep POST > /tmp/post.log Ver 11.5+ cat /var/www/vhosts/system/domain.com/statistics/logs/access_log | grep POST > /tmp/post.log WHM cPanel cat /usr/local/apache/domlogs/domain.com | grep POST > /tmp/post.log View the results cat /etm/post.log 78.138.118.128 – – [02/Jan/2014:10:51:41…