Server may go down

Posted: Fri 05 Oct 2018 7:30 pm
by steve
I am being accused by Hetzner, who provide the dedicated server that I use for this web site and all of the web sites that I host for Cumulus users, of sending spam emails. Or rather, that this server is sending them. They have received spam reports citing this server's IP address as the originator.

I have checked mail logs, including the PHP mail logs, and can find no spam there. One example of the spam emails contains this in the headers:

X-PHP-Originating-Script: 72992:gospelers.php

Some of you may know what this means. It means that a user with ID 72992 sent the message using the PHP script gospelers.php. I do not have a user with ID 72992, nor is there a file called gospelers.php on the server anywhere.

I do not seem to be able to convince Hetzner that the emails are not coming from this server. Somehow, the IP address is apparently being spoofed.

Hetzner say that the server will be blocked in 4 days if the emails do not stop. As I cannot stop the emails, as they are not coming from this server, it seems that the server may actually be blocked in 4 days' time.

This means that the Cumulus forum will not be available, nor will any of the web sites that I host for Cumulus users. I apologise for this, but there is apparently nothing I can do.
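
The header check described in the post, as an added example that is not part of the original post: it parses `X-PHP-Originating-Script` (written as `uid:script` when PHP's `mail.add_x_header` setting is on), looks the UID up in the local account database, and searches for the script name. The function names, the `/var/www` root and the sample message are assumptions; only the header value comes from the post.

```python
import email
import os
import pwd
import re

# Constructed sample message; only the X-PHP-Originating-Script value is from the post.
SAMPLE = (
    "From: sender@example.invalid\n"
    "To: rcpt@example.invalid\n"
    "Subject: constructed sample\n"
    "X-PHP-Originating-Script: 72992:gospelers.php\n"
    "\n"
    "body\n"
)

def parse_originating_script(raw_message):
    """Return (uid, script_name) from X-PHP-Originating-Script, or None."""
    value = email.message_from_string(raw_message).get("X-PHP-Originating-Script")
    m = re.fullmatch(r"\s*(\d+):(.+?)\s*", value or "")
    if not m:
        return None
    # basename() so a crafted value cannot steer the search outside the roots.
    return int(m.group(1)), os.path.basename(m.group(2))

def uid_exists(uid, known_uids=None):
    """True if uid is a local account; known_uids replaces the passwd lookup."""
    if known_uids is not None:
        return uid in known_uids
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

def find_script(name, roots):
    """Return every path under the given roots whose file name equals name."""
    return sorted(os.path.join(d, name)
                  for root in roots
                  for d, _dirs, files in os.walk(root) if name in files)

def audit(raw_message, roots, known_uids=None):
    """Summarise whether the header's UID and script exist on this host."""
    parsed = parse_originating_script(raw_message)
    if parsed is None:
        return None
    uid, script = parsed
    return {"uid": uid, "script": script,
            "uid_exists": uid_exists(uid, known_uids),
            "script_paths": find_script(script, roots)}

if __name__ == "__main__":
    print(audit(SAMPLE, ["/var/www"]))  # /var/www is an assumed web root
```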