« Previous Next »

• 10-13-2008, 8:56 AM

  scott@one Joined on 10-13-2008, 8:48 AM Posts 2

  How do I determine which web site is the SPAM source Reply Contact IIS 6.0, Windows Server 2003 web edition We have a windows server hosting about 2,000 web sites. More specifically we have a load-balanced web farm composed of numerous servers but only one is curretnly affected.  I have been notified by my network admin that this server is the source of a SPAM attack. In looking through the SMTP logs, sure enough I see the average daily log size of less than 1 MB to 500MB within a day. The logs capture all available fields in the SMTP config. I can see the destination addresses but I am not aware of anything else in there that can help me identify the offending web site.  The  SMTP virtual Server is setup to allow any anonymous requests from localhost and it relays these requests to our enterprise smtp servers. Unfortunately I am told that the SMTP logs at the enterprise are not too helpful because of our complicated network architecture. Therefore, it looks like I will have to isolate this on the server itself. Its a monday morning and I am drawing some serious blanks. Any ideas?

• 10-13-2008, 10:27 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 6:27 AM Central NJ Posts 6,188	Re: How do I determine which web site is the SPAM source Reply Contact Start here: http://www.google.com/search?hl=en&safe=active&rls=GGLG%2CGGLG%3A2006-01%2CGGLG%3Aen&q=site%3Asupport.microsoft.com+iis+smtp+open+relay&btnG=Search Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 10-14-2008, 8:03 AM

  In reply to

  scott@one Joined on 10-13-2008, 8:48 AM Posts 2

  Re: How do I determine which web site is the SPAM source Reply Contact Thanks man. In order to make the necessary changes it will require some re-work on our end.  I guess what I am looking for in the short-term is a method to idenify which web site on this shared server is the source of the SPAM. I am relatively certain that the offender is a FrontPage-enabled web site. So far, I have gone through web site log files doing searches on logs containing POST, references to _vti directories but nothing has turned up.  Any suggestions on how to nail the culprit?