Stop PHP nobody Spammers Published: Apr 07, 2005
This Setup SSL tutorial teaches you how to generate and set up an SSL certificate.
It assumes you have Apache and OpenSSL installed and would like to generate a CSR and set up an SSL certificate for a domain.

Generating the RSA Key & CSR (Certificate Signing Request)

[root@yupapa root]# cd /etc/httpd/conf/ssl.key

OPTION 1: Generating an RSA private key without a passphrase (my recommendation)
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -out MYdomain.com.key 1024

OPTION 2: Generating an RSA private key with a passphrase. You will be prompted to enter a passphrase right after you hit enter.
[root@yupapa /etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out MYdomain.com.key 1024

You should NOT generate the RSA private key with a passphrase if you have scripts that restart Apache automatically. If you do, Apache will just sit there waiting for the script to input the passphrase, which is a mess!
There is a way to stop the passphrase prompt when you restart Apache, which I'll show you later.

Next, generate the CSR using the RSA private key

[root@yupapa /etc/httpd/conf/ssl.key]# openssl req -new -key MYdomain.com.key -out MYdomain.com.csr
[root@yupapa /etc/httpd/conf/ssl.key]# mv MYdomain.com.csr ../ssl.csr

You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters '< > ~ ! @ # $ % ^ * / ( ) ?.,&' because they will not be accepted.

Common Name: the domain for the web server (e.g. MYdomain.com)
Organization: the name of your organization (e.g. YUPAPA)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organization is located (e.g. Flanders)
State or Province: the state / province where your organization is located (e.g. New Jersey)
Country: the country where your organization is located (e.g. US)

You may be asked for an email address and a challenge password. I just hit enter when I generate the CSR.

Now you should have:
/etc/httpd/conf/ssl.key/MYdomain.com.key
/etc/httpd/conf/ssl.csr/MYdomain.com.csr

Make a backup copy of your private key! If you lose it, you have to purchase a new cert!

Now you should submit your CSR to your certificate authority, and they will mail you the certificate.


Installing the Certificate for Apache

[root@yupapa root]# cd /etc/httpd/conf/ssl.crt

Copy the certificate that they mailed you to MYdomain.com.crt.
Open your httpd.conf file and place the following in your VirtualHost:


<VirtualHost 123.456.789.123:443>
# ... some config like DocumentRoot, etc.
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/MYdomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/MYdomain.com.key
</VirtualHost>

Restart Apache

OPTION 1:
[root@yupapa /etc/httpd/conf/ssl.crt]# apachectl restart

OPTION 2 (using the sh script):
[root@yupapa /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart


You may be asked to enter the passphrase IF you generated the RSA key with a passphrase. If you do NOT want to be asked for a passphrase when restarting Apache, re-generate your RSA key file without the passphrase:
[root@yupapa /etc/httpd/conf/ssl.crt]# cd ../ssl.key
[root@yupapa /etc/httpd/conf/ssl.key]# mv MYdomain.com.key MYdomain.com.key.has-passphrase
[root@yupapa /etc/httpd/conf/ssl.key]# openssl rsa -in MYdomain.com.key.has-passphrase -out MYdomain.com.key

And then restart Apache again
[root@yupapa /etc/httpd/conf/ssl.key]# /etc/rc.d/init.d/httpd restart

Now you should be able to access https://MYdomain.com. Finally, make sure those directories and files are readable and writable only by root!
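The checks worth running between the steps above and the Apache restart, as an added example that is not part of the original tutorial: it confirms that the CSR and the certificate belong to the private key, that the key has no passphrase, and that the key is closed to group and other. The function names and the self-signed stand-in certificate are assumptions for the demo, and the demo key is 2048 bits rather than the tutorial's 1024 because public CAs no longer issue certificates for RSA keys shorter than 2048 bits.

```shell
#!/bin/sh
# Added example, not from the tutorial. File names are constructed.

# Print a SHA-256 digest of the public key inside a key, CSR or certificate.
pub_of() {
    case $1 in
        key) pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   false ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the PEM key is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True when group and other have no permission bits on the file.
perms_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# preflight KEY FILE [csr|crt]
# Returns 0 ok, 1 key has passphrase, 2 unreadable input, 3 key mismatch,
# 4 key accessible to group/other.
preflight() {
    kind=${3:-crt}
    if key_is_encrypted "$1"; then
        echo "FAIL: $1 has a passphrase; an unattended restart would hang"
        return 1
    fi
    k=$(pub_of key "$1") || { echo "FAIL: cannot read key $1"; return 2; }
    o=$(pub_of "$kind" "$2") || { echo "FAIL: cannot read $kind $2"; return 2; }
    [ "$k" = "$o" ] || { echo "FAIL: $2 does not belong to $1"; return 3; }
    perms_private "$1" || { echo "FAIL: $1 is open to group/other"; return 4; }
    echo "OK: $2 matches $1"
}

# Demo in a scratch directory; the self-signed certificate stands in for
# the one the CA would mail back.
demo() {
    d=$(mktemp -d) || return 1
    rc=0
    ( cd "$d" && umask 077 &&
      openssl genrsa -out MYdomain.com.key 2048 2>/dev/null &&
      openssl req -new -key MYdomain.com.key -out MYdomain.com.csr \
          -subj "/C=US/ST=New Jersey/L=Flanders/O=YUPAPA/OU=Sales/CN=MYdomain.com" &&
      openssl x509 -req -in MYdomain.com.csr -signkey MYdomain.com.key \
          -days 1 -out MYdomain.com.crt 2>/dev/null &&
      preflight MYdomain.com.key MYdomain.com.csr csr &&
      preflight MYdomain.com.key MYdomain.com.crt ) || rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

Against the tutorial's layout the call would be `preflight /etc/httpd/conf/ssl.key/MYdomain.com.key /etc/httpd/conf/ssl.crt/MYdomain.com.crt`, run as root before `apachectl restart`.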

Written by YUPAPA - http://www.yupapa.com

Comments (58)

  • Jerry404 08:41, April 10, 2005
    Could you put example spam_log output? I think I got it to work on Redhat9/Cpanel system, however information recorded seems to be limited to Date/Location of the script. Which is a lot anyway, however looking at the $variables in the script I expected more info.
  • VexT 18:57, April 13, 2005
    Wed Apr 13 12:45:01 EDT 2005 - 69.x.x.x ran ./horde/imp/compose.php at www.website.org n - - - -
    Wed Apr 13 12:47:39 EDT 2005 - 209.x.x.x ran /process.php at www.website.com n - -
  • Haloweb 14:06, April 14, 2005
    I tried to get this working on Redhat9/Cpanel but although it recorded all the php sendmail attempts it was not sending the actual mail - any ideas ?
  • ScottsdaleHosting 09:59, April 19, 2005
    Haloweb,

    Did you move the original /usr/sbin/sendmail to /usr/sbin/sendmail.hidden exactly as it stated in the tutorial? You have to rename your actual sendmail file to sendmail.hidden because the new spam catching sendmail script is calling upon sendmail.hidden to actually do the delivering of the message.
  • VexT 07:15, May 1, 2005
    The spam_log doesn't seem to have any line breaks. Great stuff especially if that could be addressed.
  • Snowman 11:38, May 2, 2005
    Great tute.

    For adding the log to logrotate will the following work?

    /var/log/spam_log {
    missingok
    postrotate
    endscript
    }

    and if so should this be added to the bottom of logrotate.conf or to the /etc/logrotate.d/exim file????
  • Snowman 03:14, May 14, 2005
    Unfortunately this hack stopped working for no apparent reason after about 24 hours, all mail was lost with nothing getting thru at all until I removed it :(

    It's a pity cause it was a great idea.
  • Steve 03:38, May 17, 2005
    Did you ensure you did
    chattr + i /usr/sbin/sendmail
    and also check the permissions? It sounds like Cpanel did an automatic update and overwrote your changes.
  • Craig 18:07, May 22, 2005
    Hello

    This is a nice tutorial, but some things:

    (1) If we are disabling the NOBODY user, then how exactly should we modify our MAIL() functions in PHP code? This has not been addressed. If we clearly specify the SMTP.MYDOMAIN.COM in our PHP code, will that work?

    (2) How exactly can we add the EXIM file to logrotate? I use cPanel 10.0.0-R161.

    Thanks, and if you reply, kindly send a note to my email address as well.

    CM
  • Steve 17:21, May 25, 2005
    You can add the following to get it rotating.

    pico /etc/logrotate.conf

    # SPAM LOG rotation
    /var/log/spam_log {
    monthly
    create 0777 root root
    rotate 1
    }

    Article updated with this as well.
  • Andrew 16:50, June 1, 2005
    As someone mentioned, can line breaks be added to make the logs more readable?

    Thanks.
  • Andrew 17:58, June 2, 2005
    **UPDATE** this tutorial does not work!! It will break the PHP mailer function, no mail got delivered for any of our clients while using this hack.

    Andrew
  • Vincent 22:29, June 13, 2005
    To add the linebreak, simply change

    print INFO "$date - $PWD - @infon";

    to

    print INFO "$date - $PWD - @infon /n/n";
  • Mak 02:02, June 16, 2005
    It's working fine, but there should be more enhancements. How about destination email,
    and what about generating an RSS feed of new spams?
  • Mark 02:20, June 16, 2005
    How about more improvements like
    1) Destination email
    2) user
    3) script path
    and then generating an RSS file of the result?
    Would it be cool and useful?
  • mic 06:45, June 16, 2005
    I tried to get this working on Redhat9 but although it recorded all the php sendmail attempts it was not sending the actual mail and not restart sendmail - any ideas ?
  • Susan 06:51, June 16, 2005
    I tried to get this working on Redhat9 but although it recorded all the php sendmail attempts it was not sending the actual mail and not restart sendmail
  • PHP 22:52, June 25, 2005
    When running this:
    chattr + i /usr/sbin/sendmail

    It gives:
    chattr: No such file or directory while trying to stat i

    I have verified that the file exists by opening it.

    What can be done?
  • dt 11:47, July 3, 2005
    To PHP: just remove the space between + and i and it will work.
  • behzad 15:17, July 9, 2005
    This hack only delivers to local emails. An error occurs when trying to send mail out, like to yahoo mail:

    xxxxx@yahoo.com R=fail_remote_domains: unrouteable
    mail domain "yahoo.com"
  • ogy 22:55, July 12, 2005
    it would be chattr +i /usr/bin/sendmail
  • MCT 22:20, July 24, 2005
    PHP -- get rid of the space between the + and the i, should look like:
    chattr +i /usr/sbin/sendmail

    Got this working well, but started getting these silly messages like "- - user x 33333 33334 /home/user /usr/local/cpanel/bin/noshell" in the log file. Little snooping and it turned out to be message forwards to emails on the same server set up by clients in cpanel. Very scary at first, as it looks like spammer activity!
  • someone 09:49, July 31, 2005
    You people do know that this is VERY insecure and not properly written, right?

    Do me a favor and just do this as root:

    perl -le 'print getpwuid($<);'

    You will see root's password hash.

    perl -le '$,=":"; @info = getpwnam((getpwuid($<))[0]); delete(@info[1]); print @info;'
    root::0:0:::root:/root:/bin/bash

    well well, isn't that better.

    and what's up with this 0777 crap? Since when does a logfile need to have execute permissions anyways?

    What needs to be done here is use the syslog facility.

    Please people, do not blindly use scripts from the internet without knowing what they are doing first.
  • Stephen 20:48, September 5, 2005
    How can I uninstall this script?

    My clientexec script stopped sending invoices...
  • Yujin 08:28, September 9, 2005
    To uninstall the script, do

    rm -f /usr/sbin/sendmail
    mv /usr/sbin/sendmail.hidden /usr/sbin/sendmail
  • M.A 12:00, October 5, 2005
    I cannot send a mail from PHP program with mail() function.

    What should I do?
  • Taz 01:25, October 21, 2005
    Mine logs as well (not cleanly, no line breaks) but the email doesn't get delivered. Please help.
  • hz 00:01, October 26, 2005
    I can't see anymore spam_log, only appears: - - - - - instead of /home/user/script.cgi
  • Thomas 17:49, November 22, 2005
    Hi
    hmm, I just implemented your script and it is working perfectly. Thanks

    The output I have is like
    Tue Nov 22 17:29:20 CET 2005 - 127.0.0.1 ran at xx.xx.xxx.xx n
    (only hid my IP)
    Could somebody explain to me what that means?
  • Tamouh 03:53, November 24, 2005
    Additionally, you can monitor EXIM logs and find out which script path initiated the spam by adding this line in the start of your EXIM config file (This should be all in one line):

    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error
  • emeric Olenga 12:57, November 30, 2005
    How to clean up tail -f /var/log/spam_log when it is big?
  • Bhavik 12:47, December 2, 2005
    If we disable the NOBODY user, then how exactly should we modify our MAIL() functions in PHP code? Can anybody help me out?
  • Lukas 15:41, December 20, 2005
    I got logs like this one: how can I locate a spammer?

    myip nTue Dec 20 14:32:46 CET 2005 - 83.29.68.195 ran at
    myip nTue Dec 20 14:33:12 CET 2005 - 83.29.68.195 ran at
    myip nTue Dec 20 14:33:19 CET 2005 - 83.29.68.195 ran at
  • Cem 18:57, December 29, 2005
    Hi,

    Thank you for that great tutorial. Can you make it more advanced?
  • SAINT 03:54, January 22, 2006
    If you are running Cpanel you can do the same thing clicking "tweak settings" under Server Configurations. This fixed the Spam problem and did not break the mail scripts.
  • jayesh 09:23, February 21, 2006
    Please reply to this query.

    I'm using the mail function to send mails in PHP; they get sent to the bulk folder.
    I want to send them to the inbox.
    How do I do that?
    Help????
  • Hitesh Kachru 20:16, February 26, 2006
    Can this be done on Qmail with Plesk CP? How to do this in Qmail?
  • kailas 08:38, April 5, 2006
    But how will I know that there are PHP nobody spammers and I have to do the above? Please assist me with this.
  • Prabash32 16:30, April 9, 2006
    This article is of great use for us...
    working fine on our servers...
    mmmmmm Great..!!!!!!!!!

    Thanks
  • Nixon Girard 23:24, April 16, 2006
    SENSATIONAL
  • codeunix 16:26, April 29, 2006
    I have a big problem, I can't send any email, I get a Mail delivery system error that the email was not delivered, please help me out :(

    Thanks
  • bobby 12:36, May 15, 2006
    Hi,
    just curious, why do I see sendmail processes for users even if they have no script installed that uses sendmail?

    Thanks
  • ME 18:02, May 16, 2006
    I get this error when I log in as root
    /usr/sbin/sendmail: Exec format error
  • Me 21:12, May 31, 2006
    Yujin
    To uninstall the script, do

    rm -f /usr/sbin/sendmail
    mv /usr/sbin/sendmail.hidden /usr/sbin/sendmail
    ============================

    rm: cannot remove `/usr/sbin/sendmail': Operation not permitted
    root@home [~]#

    Any solution???
  • Steve 01:34, June 1, 2006
    chattr -i sendmail maybe?
    Or try lsattr sendmail to see if it has any special permissions set. You might have to shut down the mail server before you can remove it; if a process is using that it won't be able to remove.
  • Richard 16:09, June 21, 2006
    Has anyone tried the above changes using Dovecot, instead of sendmail? I can't really find info about that :-(
  • justin 07:18, July 10, 2006
    The idea is great. But no one has further explained the need for 0777 for the logs.
    Isn't that a point (by someone)?

    :)
  • Rafal 02:17, February 3, 2007
    Great article! I'm using this on every one of my servers
  • Edward 23:07, April 23, 2007
    I can't get this to log or send mail out. It just fails! Anyone got any experience as to why?

    System: Fedora Core 3
    Mail: Postfix
  • abdalla 19:31, July 26, 2007
    it's not working

    not secure

    just read your exim logs and throw it away

    bye
  • ldaap 08:38, September 24, 2007
    This script does not work with the Plesk panel, because when I implemented it the server stopped sending emails this way
  • behnam sarfarazi 15:07, December 12, 2007
    How can I know who is the spammer in the log?
  • Dennis 21:54, December 14, 2007
    Great script. Works for all my servers, except for the new one.

    The new one with newest Plesk/Qmail will fail to send mail using this script.
  • matt 19:22, February 7, 2008
    This looks a bit outdated, but the script has a few errors.

    Please note @infon looks as though it should be @info\n <note the slash in front of the trailing n. It looks like the html does not display the slashes.
  • Edward 00:37, April 27, 2008
    Hi,

    I'm trying to add the line break in the spam log, but it is not working. I changed the line:
    print INFO "$date - $PWD - @infon";
    to
    print INFO "$date - $PWD - @infon /n/n";
    But not working. :-(

    Also can we see the exact script/file name in the log like the one described by VexT

    VexT
    Wed Apr 13 12:45:01 EDT 2005 - 69.x.x.x ran ./horde/imp/compose.php at www.website.org n - - - -
    Wed Apr 13 12:47:39 EDT 2005 - 209.x.x.x ran /process.php at www.website.com n - -

    I am only getting the corresponding directory and not the file. Please see the results from my server:

    # tail -f /var/log/spam_log
    Sun Apr 27 01:16:54 EEST 2008 - /home/rbeg/public_html/err - Sun Apr 27 01:17:01 EEST 2008 - /home/rbeg/public_html/err - Sun Apr 27 01:17:01 EEST 2008 - / - Sun Apr 27 01:17:40 EEST 2008

    Please advise.

    Thanks.
  • Randy Henderson 02:21, November 19, 2008
    This seems dated, none of the "this works great" comments had a date (the last one said Apr 27 from the logs but who knows what year). Since cPanel 11 I am not sure this would work.

    But the jewel in reading all this was Tamouh's post. This works great with putting who sent the email through the exim log where it should be.

    The only difference between what Tamouh posted and what I am using is I also added +subject to my configuration.

    November 2008
  • J. ADAM 03:20, March 17, 2010
    I'm a newbie here on that, how can I see the log file, where???
    No idea.
    Thank you for helping me
  • Andras 17:02, September 29, 2010
    For those who have trouble sending mail after installing this script:

    1) sendmail IS the program that mails the mails
    2) you replace that program with a script that instead of sending the mail writes a log of who is sending
    3) this way you can see WHO is sending
    4) after you killed off that WHO you should remove the script and restore the original sendmail file so that it can send the mails
    5) you should also probably empty the queue if it is full of spam

Copyright © 1998-2018 WebHostGear.com