Referrer Spam

Referrer spam is traffic from bots that impersonate a referral link. The pseudo traffic is designed to make their domain show up in your site analytics so that you’ll visit the site. Referrer spammers just forge the referrer of a http request to make their site show up in your logs/statistics. More information: http://blog.raventools.com/stop-referrer-spam/

Spam resources

rogue scripts, with the following two websites being useful for this practice: http://www.stopthehacker.com/ http://www.exploit-db.com/ The following two websites can also be highly useful as additional resources when experiencing a security compromise. http://google.com/webmasters/hacked/ http://stopbadware.org/webmaster-help

Spam Check list

Check the mail queue in a plesk server: # /usr/local/psa/admin/bin/mailqueuemng -s mail queue is full of spam type messages like this: Subject: Mr.: 14623c9d 65% off for you! Sale Sale Sale!! Vigara – 0.54$, Cilias – 1.09$, Levtira – 1.15$.. and more more more… ” Steps to take: 1. Check the mail queue for suspicious Read more about Spam Check list[…]

Troubleshoot Postfix Spam

RE: http://kb.parallels.com/en/114845 [stextbox id=”info”]Symptoms: Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running if I am using Postfix?[/stextbox] [stextbox id=”warning”]Note:  This article is for Postfix.  If you are using the Qmail mail server, see this: http://secure-a-tech.com/troubleshoot-qmail-spam/[/stextbox] Resolution Many email messages are sent from Read more about Troubleshoot Postfix Spam[…]

PHP Spam Scripts

PHP Spam Scripts I finally decided this topic deserves its own page. To find the script sending spam Plesk Ver -11.0 cat /var/www/vhosts/domain.com/statistics/logs/access_log | grep POST > /tmp/post.log Ver 11.5+ cat /var/www/vhosts/system/domain.com/statistics/logs/access_log | grep POST > /tmp/post.log WHM cPanel cat /usr/local/apache/domlogs/domain.com | grep POST > /tmp/post.log View the results cat /etm/post.log 78.138.118.128 – – [02/Jan/2014:10:51:41 Read more about PHP Spam Scripts[…]