turnkey
New member
Ok, I had this problem this morning and found a really quick way to stop it. Was not quick until I learned how to do this.
1. If you see a lot (A LOT) of exim and sendmails in your top process and suspect somebody is sending out mass mail you can do the following:
Note: if you enable phpsuexec is should show in the top process but for the rest of us who do not know it enough to run it it will show as user nobody.
Step 1.
disable exim
chmod 000 /usr/sbin/exim
Step 2.
watch the httpd error logs
tail -f /etc/httpd/logs/error_log
You will start to see a lot of permishion denied errors. It will show what file and what user is causing the spike in your server.
Then goto there directory and look at the file and see what they are doing.
In my case, a user was sending out 50,000 emails.
I suspended his account in WHM, moved all his php scripts to a off-line directory/drive and removed the files from his web site.
Now, once you have determined if the user is spamming or sending out mass mail use your best jugment to determin if you should delete the account or not.
I hope this helps, I spent 4+ hrs working on this until I figured out this quick and dirty way to determin who is causing the problem.
1. If you see a lot (A LOT) of exim and sendmails in your top process and suspect somebody is sending out mass mail you can do the following:
Note: if you enable phpsuexec is should show in the top process but for the rest of us who do not know it enough to run it it will show as user nobody.
Step 1.
disable exim
chmod 000 /usr/sbin/exim
Step 2.
watch the httpd error logs
tail -f /etc/httpd/logs/error_log
You will start to see a lot of permishion denied errors. It will show what file and what user is causing the spike in your server.
Then goto there directory and look at the file and see what they are doing.
In my case, a user was sending out 50,000 emails.
I suspended his account in WHM, moved all his php scripts to a off-line directory/drive and removed the files from his web site.
Now, once you have determined if the user is spamming or sending out mass mail use your best jugment to determin if you should delete the account or not.
I hope this helps, I spent 4+ hrs working on this until I figured out this quick and dirty way to determin who is causing the problem.