LinkBack URL
About LinkBacksSomeone has been sending spam messages from my server. Is there any way I can figure out who might have done this?
Spamming from the server.
Someone has been sending spam messages from my server. Is there any way I can figure out who might have done this?
i would like to now this as well
You need to check your mail logs - /var/log/exim_mainlog.
Last edited by vanessa; 06-16-2010 at 08:24 AM.
- Open Exim Advanced Configuration Editor in the WHM, add:
Code:log_selector = +all- Get the message ID from one of the spam messages
- Search for the message ID in the mail log:
Code:grep <message-ID> /var/log/exim_mainlog- Look for particulars such as A=fixed_login:user@domain.com (someone is spamming through that email account) or cwd=/home/user/public_html/exploited_script.php (insecure script allowing spam to be relayed)
- Change account password, notify user, or secure/delete/prevent access to the exploited script
NDCHost (ProVPS): Xen VPS / Dedicated / Co-Location
Contact us for your cPanel Licensing needs! We price match, provide better support, and take care of our customers!
Reply With Quote