Exploit maybe in vbulletin.Problem is spam being send out from Apache sendmail.

IN PROGRESS
Bids
4
Avg Bid (USD)
$12 / hr
Project Budget (USD)
$8 - $15 / hr

Project Description:
Spam is being send out from sendmail and my hosting company believes it is originating from vbulletin forum.

Had older version of vbulletin and upgraded to latest 4.2.1 version to stop the spamming. It dident stop it.
I implemented various security features like:
Explain what you see on random custom made picture.
Rename of register.php to derail spam-bots that are hard coded to search for default vbulletin installs.
Spam-O-matic that will check on stopforumspam.com before letting user register.
Delay mod that jail bot that fills out forum under 25 sec.

The above mods dident stop the Apache sendmail spamming.

Have had a Tier3 Engineer from the hosting company to help and they concluded from hours of monitoring the server apache logs that the spam is originating from vbulletin but not sure how to plug the hole.

All possible measures is done in vbulletin admin with usergroups ,no email features allowed and, no email link to friend etc

Have been reading numerous posts on vbulletin.com and vbulletin.org about security in general in vbulletin and this is as tight as it can be but the hole to let bots/spammers access sendmail on the server is still open and i need to plug that hole so no more spam is possible to send out from the server.

Server is a Linux OSCentos.
Server does not have open relay. Obvious things are already checked by hosting company Engineers.
Server was scanned clean with Securi
Malware scan done by hosting and came back clean

Requirements:
You are familiar with ways spammers abuse servers sendmail and know how to easily plug those holes.
You have experience with vbulletin and how spammers are abusing sendmail.
You can start immediately.

Hours of work: Unspecified Project Duration: < 1 week Skills required:
Apache, MySQL, PHP, Web Security
Hire BussDK
Project posted by:
BussDK Denmark
Verified
Public Clarification Board
Bids are hidden by the project creator. Log in as the employer to view bids or to bid on this project.
You will not be able to bid on this project if you are not qualified in one of the job categories. To see your qualifications click here.


Hire RotexDev
$12 / hr
Hours: 6 hr/ week
$14 / hr
Hours: 15 hr/ week
$10 / hr
Hours: 8 hr/ week
$12 / hr
Hours: 3 hr/ week