Posts Tagged ‘Security’

Mail from Nobody

No Comments »

Quite a few cPanel servers run PHP in DSO mode. What this means is you’ll see
your mail queue fill with mail from “nobody@host.hostname.tld”. This can be
quite annoying that you now have hundreds if not thousands of messages spamming
out coming from your servers IP address.

Typical your first reaction is to blame your host; following that you start looking how
to stop it; well its not only annoying but frustrating because first and for most
your servers main shared IP is now on quite a few block lists. Congratulations!

Now you’re trying to figure out how to prevent it? Well for one its difficult
to track down which PHP process was doing it; if you have tech support through
your host you can ask them to assist you in tracking this down. While this is not
a guarantee one tweak may prevent this from happening.

Main >> Server Configuration >> Tweak Settings

Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)

This will prevent any PHP script from successfully sending mail via Apache. You will probably see your
mail queue fill as your users try to send mail via this process. Mail comes from the nobody user as
typically this is the user that the Apache service runs as.

Have you thought about SuPHP?