The Community Forums


Compromised email account

Discussion in 'E-mail Discussions' started by IRZQ88, Sep 19, 2016.

  1. IRZQ88

    IRZQ88 Member

    Joined:
    Sep 18, 2016
    Messages:
    11
    Likes Received:
    2
    Trophy Points:
    1
    Location:
    Indonesia
    cPanel Access Level:
    Root Administrator
    Hello Guys...

    My server is sending some (actually quite a lot!) emails that I don't recognize, from one of my registered email accounts.

    Then, when I checked the exim_mainlog, I found this:
    Code:
    2016-09-18 03:40:07 1blMP8-00063g-T2 => rud*to <rud*to@prot*sindo.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <rud*to@prot*sindo.com> vZcACiaq3Vf4WQAAvfAJDw Saved"
    Just FYI, when I checked in WHM, all the emails are sent successfully. And it sends the email with one of my registered email accounts (rud*to@prot*sindo.com), not another email outside my domain.

    So there are some questions I want to ask:
    1. What does dovecot_virtual_delivery mean?
    2. Is it possible that somebody has successfully cracked the email account password?
    3. Should I change the email account password?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,456
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    If your email account sends out a single email to anyone and it wasn't you that sent it? Yes, you should change your email password.
     
  3. IRZQ88

    IRZQ88 Member

    Yes, you're right. That email account has been cracked by someone and he/she has changed the password so I cannot use that email. Fortunately, in cPanel I can easily change the password. After that, my server stopped sending the spam.

    Thanks Infopro! :)
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Probably also need to figure out how they compromised the email account's password in the first place. Because if you haven't fixed that, then simply changing the password is just going to be a temporary fix. They will likely use whatever method they used to initially crack the password to crack the new password.
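
To see how an account is being used, the authenticated submissions in exim_mainlog can be grouped by account and source address; the `=>` line quoted in the first post is a delivery record, while authenticated arrivals are `<=` lines carrying an `A=` field. The following is an added example, not part of the thread or of cPanel's tooling, and the sample log lines, addresses and the `max_ips` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in exim_mainlog format (example.com addresses and
# documentation IP ranges; none of these lines come from the thread).
SAMPLE_LOG = """\
2016-09-18 03:40:01 1blMP1-00061a-A1 <= staff@example.com H=(pc1) [203.0.113.10]:50111 P=esmtpa A=dovecot_login:staff@example.com S=1820 for a@example.net
2016-09-18 03:40:03 1blMP3-00061c-B2 <= boss@example.com H=(x) [198.51.100.7]:41000 P=esmtpa A=dovecot_login:boss@example.com S=2210 for b@example.net
2016-09-18 03:40:04 1blMP4-00061e-C3 <= boss@example.com H=(y) [198.51.100.99]:41822 P=esmtpa A=dovecot_login:boss@example.com S=2207 for c@example.net
2016-09-18 03:40:05 1blMP5-00061g-D4 <= boss@example.com H=(z) [192.0.2.44]:60213 P=esmtpa A=dovecot_plain:boss@example.com S=2215 for d@example.net
2016-09-18 03:40:06 1blMP6-00061i-E5 <= sender@example.org H=mail.example.org [192.0.2.80]:25025 P=esmtps S=5120 for staff@example.com
2016-09-18 03:40:07 1blMP6-00061i-E5 => staff <staff@example.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 Saved"
"""

# Arrival ("<=") line carrying an A=<authenticator>:<account> field.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= \S+ .*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? "
    r".*?\bA=(?P<auth>\w+):(?P<account>\S+)"
)

def summarize(lines):
    """Map each authenticated account to its message count and source IPs."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in lines:
        m = ARRIVAL.match(line)
        if m:  # deliveries and unauthenticated arrivals do not match
            entry = stats[m.group("account")]
            entry["messages"] += 1
            entry["ips"].add(m.group("ip"))
    return dict(stats)

def suspects(stats, max_ips=2):
    """Accounts seen from more than max_ips addresses (threshold is an assumption)."""
    hits = [(a, s["messages"], len(s["ips"])) for a, s in stats.items()
            if len(s["ips"]) > max_ips]
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for account, msgs, ips in suspects(summarize(SAMPLE_LOG.splitlines())):
        print(f"{account}: {msgs} messages from {ips} source IPs")
```

An account that authenticates from many unrelated addresses in a short window is a common sign of a stolen or guessed password; tune `max_ips` to how the mailbox is normally used.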
     
  5. IRZQ88

    IRZQ88 Member

    Hmmm... Yeah, you're right. But I think they're using a brute force attack. Because as I remember, the password for that email account is very, very easy. No number and no special character. Only a word! It's because the user of that email account is quite old (about 50yo) and he always wants an easy password. Fuh!
     
  6. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Consider fully utilizing cPHulk, Password Strength Enforcement and potentially look at external cPanel plugins for firewalls too.
     
  7. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    120
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    OMG - there is NO hope for us - I had better start planning my funeral :( and as for Infopro .........:eek:
     
    #7 rpvw, Sep 20, 2016
    Last edited: Sep 20, 2016
    Infopro likes this.
  8. IRZQ88

    IRZQ88 Member

    Sorry for the late reply...

    Yeah.. I've activated it now.. And I'm using APF firewall... Anyway, thanks for your suggestion... :D

    Hahahahahahaha.. :p
     