How to find an anonymous spammer on a Plesk server

Re: Finding Plesk Spammer, Qmail spam source, Anonymous spam

So you’ve done all the basics, looked through the mail logs and determined that the spammer is sending from “anonymous”, which means the mail is coming from a vulnerable script somewhere on the server. But where? Let’s delve a little deeper to find the UID of the spammer.

1) Let’s take a look in the mail queue and read one of those spam email references:

# /var/qmail/bin/qmail-qread

remote ankush_krishna2137@yahoo.com
6 Jan 2012 09:14:53 GMT #34012584 2987 <anonymous@server.microlite8.com>

2) Now that we have a message ID, let’s search for the actual message files:

# find /var/qmail/queue/ -name 34012584

/var/qmail/queue/info/0/34012584
/var/qmail/queue/remote/0/34012584
/var/qmail/queue/mess/0/34012584

3) Great! Now let’s see what’s in the message to pull out that all-telling UID:

# cat /var/qmail/queue/mess/0/34012584

Received: (qmail 9936 invoked by uid 10820); 6 Jan 2012 09:14:50 +0000
Date: 6 Jan 2012 09:14:50 +0000
Message-ID: <20120106091450.9934.qmail@server.microliteX.com>
To: annette@recdom.wandoo.co.uk
Subject: Urgent Reply
From: Mrs.Farida Waziri <faridawaziri@hotmail.com>

4) Let’s map the UID to a domain name on the Plesk server:

# awk -F: '$3 == 10820' /etc/passwd

admin947932:x:10820:2523::/var/www/vhosts/thisisthespammer.com:/bin/false

5) Spammer caught 😀
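
The steps above check one message by hand. As an added example (not the article's own code), this script repeats the check across the whole queue and tallies messages per injecting UID. The function names, sample accounts and sample messages are constructed for illustration, and it assumes qmail's own Received header is the first line of each queue file, as in the output shown above.

```shell
#!/bin/sh
# Added example (not from the article): tally queued qmail messages by the
# local UID that injected them, then map each UID to its passwd entry.

# Print "count uid" lines, busiest first, for a queue "mess" directory.
# Assumption: as in the article's output, qmail's own Received header is the
# first line of each file. Lower Received lines arrived with the message and
# can be forged, so they are ignored.
spam_uids() {
    find "$1" -type f -exec head -n 1 {} \; |
        sed -n 's/^Received: (qmail [0-9]* invoked by uid \([0-9]*\));.*/\1/p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print "user home" for a UID by exact match on passwd field 3, so that
# UID 10820 does not also match 110820, a GID or a user name.
uid_owner() {
    awk -F: -v uid="$1" '$3 == uid { print $1, $6 }' "${2:-/etc/passwd}"
}

# One line per UID: message count, UID, owning account and vhost directory.
report() {
    spam_uids "$1" | while read -r count uid; do
        echo "$count messages from uid $uid: $(uid_owner "$uid" "$2")"
    done
}

# Constructed sample data (hypothetical accounts, not taken from a real server).
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/mess/0" "$d/mess/1" || return 1
    r='Received: (qmail'; t='6 Jan 2012 09:14:50 +0000'
    printf '%s 9936 invoked by uid 10820); %s\nSubject: a\n' "$r" "$t" > "$d/mess/0/101"
    printf '%s 9940 invoked by uid 10820); %s\nSubject: b\n' "$r" "$t" > "$d/mess/1/102"
    # Network delivery carrying a lower "invoked by uid" line: must not count.
    printf '%s 9951 invoked from network); %s\n%s 77 invoked by uid 10003); %s\n' \
        "$r" "$t" "$r" "$t" > "$d/mess/0/103"
    printf '%s\n' 'web1:x:10003:2523::/var/www/vhosts/one.example:/bin/false' \
        'web2:x:10820:2523::/var/www/vhosts/two.example:/bin/false' \
        'web3:x:110820:2523::/var/www/vhosts/three.example:/bin/false' > "$d/passwd"
    echo "$d"
}

sample=$(make_sample)
report "$sample/mess" "$sample/passwd"   # on a server: report /var/qmail/queue/mess
rm -rf "$sample"
```

A single UID that dominates the tally is the account whose scripts should be reviewed first.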

How to check if your site is infected with Malware

Is your site infected with Malware?

There is one sure-fire way to check if your site is infected with malware: ask Google!

Go to the following URL and insert your domain name at the end, here is a sample:

http://www.google.com/safebrowsing/diagnostic?site=uk-cheapest.co.uk

You can also scan your website for free at Sucuri.net here:

http://sucuri.net/

Clearing your PC of Malware

To check your PC for malware, use the following free software:

AdAware – http://www.lavasoft.com/
MBAM – http://www.malwarebytes.org/products/malwarebytes_free

This free software will remove all malware and malicious ads, spyware and cookies from your PC and should be run regularly to ensure an optimum browsing experience.

Securing your WordPress application

There are many ways to protect your site from hackers and malware, see here for WordPress:

How to secure your WordPress file and directory structure

How to secure WordPress in 7 easy steps


How to block Yandex using IPTABLES or APF

Re: Yandex IP range, Yandex subnets, Block Yandex Robots

Across our server range we are finding that Yandex continues to ignore robots.txt files and crawls some sites constantly, so how do you stop such an abuse of your network resources?

If you use IPTABLES or APF (you should!) then you can block all Yandex spiders using the following IP ranges:

Simply restart APF and Yandex will no longer be a problem (until they extend their network!).

Which SMTP server should I use to send email?

Sending Emails using SMTP

Many of our hosting accounts are provided with your own shared SMTP server based on your domain name; however, many ISPs are now blocking third-party SMTP use in an effort to control spam on their networks.

If you use a third-party SMTP server based on your domain name, it may be classed as a spam risk. Sometimes, only emails sent through a dedicated ISP SMTP server have the best chance of delivery.

Use your ISP SMTP Server for best performance

Your ISP (or broadband provider) already supplies you with an SMTP server as part of the service you are paying for. It can be confusing, so here is a list of popular ISPs and their SMTP servers.

AOL – smtp.aol.com
BT Yahoo! – mail.btinternet.com
BT Openworld – mail.btopenworld.com
BT Click – smtp.btclick.com
BusinessServe – smtp.businessserve.co.uk
Claranet – relay.clara.net
Demon – post.demon.co.uk
Easynet – smtp.easynet.co.uk
Freeserve – smtp.freeserve.co.uk
Global Internet – smtpmail.globalnet.co.uk
gmail – smtp.gmail.com
Go Daddy – smtpout.secureserver.net
Lineone – smtp.lineone.net
Lycos – smtp.lycos.co.uk
Mac.com – smtp.mac.com
Mistral – smtp.mistral.co.uk
Netscape – smtp.isp.netscape.com
Netscapeonline – mailhost.netscapeonline.co.uk
Nildram – smtp.nildram.co.uk
NTL – smtp.ntlworld.com
OneTel – mail.onetel.net.uk
Pipex (Dial) – smtp.dial.pipex.com
Pipex – smtp.dsl.pipex.com
Purplenet – smtp.purplenet.co.uk
Supanet – smtp.supanet.com
TalkTalk – smtp.talktalk.net
Telewest – smtp.blueyonder.co.uk
Tesco Net – mail.tesco.net
Tiscali – smtp.tiscali.co.uk
Totalise – mail.totalise.co.uk
UK Gateway – smtp.ukgateway.net
UK Superweb – smtp.uksuperweb.co.uk
Virgin – smtp.virgin.net
Waitrose – smtpmail.waitrose.com
Wanadoo (Orange) – smtp.wanadooadsl.net
yahoo.co.uk – smtp.mail.yahoo.co.uk
plusnet – relay.plus.net
BT Connect – smtp.btocnnect.com
O2 – smtp.o2.co.uk
Post Office – smtp.mypostoffice.co.uk
Sky – smtp.tools.sky.com
Eclipse Internet – smtp.eclipse.co.uk
Madasafish – mail.madasafish.com
Orange – smtp.orange.net
Be* – smtp.bethere.co.uk
Griffin Internet – smtp.griffin.com
Hotchilli – smtp.hotchilli.net
Karoo – smtp.karoo.co.uk
Namesco – smtp.namesco.net
Scotnet – mail.scotnet.co.uk
Timewarp – mail.timewarp.co.uk
Zen Internet – mailhost.zen.co.uk

When to use mail.yourdomain.co.uk

Most of our tutorials show your email configuration using the SMTP server mail.yourdomain.co.uk, however, you should use your ISP SMTP server in its place for the best and most consistent results.

If your ISP does not provide you with an SMTP service, then try using mail.yourdomain.co.uk as your SMTP server; this will work for most email networks.

How do I set up email on my Android device?

So you want to set up your email on your new Android device? Don’t worry, it’s easy – we’ll have you up and running in 5 minutes. Just follow these steps…

  • Open your Android device email application
  • If you already have an email account set up, press Menu and tap Accounts. Press Menu again and tap Add Account.
  • Type your email address and password, then hit Next
  • Select IMAP to use your mail directly on the server. (Use POP if you want to permanently download emails to your actual device rather than viewing them from the server.)

Incoming Server settings:

Username: your email address
Password: your password
IMAP server: mail.yourdomainnamehere.com
Port: 143
Security type: None
IMAP path prefix: leave blank

Outgoing server settings:

Most ISPs do not allow third-party SMTP servers, so you will need to use the one provided by your ISP; see here for more details: Find your ISP SMTP Server Name