The Community Forums

Compromised email account

Discussion in 'E-mail Discussion' started by IRZQ88, Sep 19, 2016.

  1. IRZQ88

    IRZQ88 Active Member

    Joined:
    Sep 18, 2016
    Messages:
    25
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Indonesia
    cPanel Access Level:
    Root Administrator
    Hello Guys...

    My server is sending some (actually quite a lot!) emails that I don't recognize, from one of my registered email accounts.

    Then, when I checked the exim_mainlog I found this:
    Code:
    2016-09-18 03:40:07 1blMP8-00063g-T2 => rud*to <rud*to@prot*sindo.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <rud*to@prot*sindo.com> vZcACiaq3Vf4WQAAvfAJDw Saved"
    Just FYI, when I checked in WHM, all the emails are sent successfully. And it sends the email with one of my registered email accounts (rud*to@prot*sindo.com), not another email outside my domain.

    So there are some questions I want to ask:
    1. What does dovecot_virtual_delivery mean?
    2. Is it possible that somebody has successfully cracked the email account password?
    3. Should I change the email account password?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    If your email account sends out a single email to anyone and it wasn't you that sent it? Yes, you should change your email password.
     
  3. IRZQ88

    IRZQ88 Active Member

    Yes, you're right. That email account has been cracked by someone and he/she has changed the password so I cannot use that email. Fortunately in cPanel I can easily change the password. After that, my server stopped sending the spam.

    Thanks Infopro! :)
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,720
    Likes Received:
    98
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Probably also need to figure out how they compromised the email account's password in the first place. Because if you haven't fixed that, then simply changing the password is just going to be a temporary fix. They will likely use whatever method they used to initially crack the password to crack the new password.
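
Added example, not part of any post in this thread: one way to start on the question of how the account was abused is to tally, per mailbox, the authenticated submissions (`<=` lines carrying `A=dovecot_login:`), their source IPs and the failed SMTP logins in the Exim main log. The log lines below are constructed and the thresholds are assumptions; a `=>` line with `T=dovecot_virtual_delivery`, like the one quoted in the first post, records delivery into a local mailbox and is not counted as a submission.

```python
import re
from collections import defaultdict

# Constructed Exim main-log lines (placeholder accounts, documentation IPs).
SAMPLE_LOG = [
    "2016-09-18 03:38:51 dovecot_login authenticator failed for (pc) [203.0.113.9]:50111: 535 Incorrect authentication data (set_id=user@example.com)",
    "2016-09-18 03:38:53 dovecot_login authenticator failed for (pc) [203.0.113.9]:50112: 535 Incorrect authentication data (set_id=user@example.com)",
    "2016-09-18 03:39:01 1bmAAA-0000aa-01 <= user@example.com H=(pc) [203.0.113.9]:50120 P=esmtpa A=dovecot_login:user@example.com S=1822 for a@example.net",
    "2016-09-18 03:39:02 1bmAAB-0000ab-02 <= user@example.com H=(pc) [203.0.113.9]:50121 P=esmtpa A=dovecot_login:user@example.com S=1830 for b@example.net",
    "2016-09-18 03:39:03 1bmAAC-0000ac-03 <= user@example.com H=(pc) [203.0.113.9]:50122 P=esmtpa A=dovecot_login:user@example.com S=1815 for c@example.net",
    "2016-09-18 03:39:30 1bmAAD-0000ad-04 <= user@example.com H=(x) [198.51.100.7]:40100 P=esmtpa A=dovecot_login:user@example.com S=1801 for d@example.net",
    "2016-09-18 03:40:00 1bmAAE-0000ae-05 <= other@example.com H=(mac) [192.0.2.10]:51000 P=esmtpa A=dovecot_login:other@example.com S=900 for e@example.net",
    '2016-09-18 03:40:07 1bmAAF-0000af-06 => other <other@example.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <other@example.com> Saved"',
]

# "<=" marks a message accepted by Exim; A= names the authenticated login.
ACCEPT = re.compile(r"\S+ \S+ \S+ <= \S+ .*?\[([^\]]+)\]:\d+ .*?\bA=dovecot_\w+:(\S+)")
# Rejected SMTP AUTH attempts record the attempted login in set_id=.
FAILED = re.compile(r"dovecot_\w+ authenticator failed for .*?\[([^\]]+)\].*?\(set_id=([^)]+)\)")

def summarize(lines):
    """Per account: authenticated submissions, failed logins, source IPs."""
    stats = defaultdict(lambda: {"sent": 0, "failed": 0, "ips": set()})
    for line in lines:
        m = ACCEPT.match(line)
        if m:
            ip, acct = m.groups()
            stats[acct]["sent"] += 1
            stats[acct]["ips"].add(ip)
            continue
        m = FAILED.search(line)
        if m:
            stats[m.group(2)]["failed"] += 1
    return stats

def suspicious(stats, max_sent=3, max_ips=1):
    """Flag accounts; max_sent and max_ips are assumed thresholds to tune."""
    flagged = {}
    for acct, s in stats.items():
        reasons = []
        if s["sent"] > max_sent:
            reasons.append("volume")
        if len(s["ips"]) > max_ips:
            reasons.append("multiple source IPs")
        if s["failed"] and s["sent"]:
            reasons.append("failed and successful logins")
        if reasons:
            flagged[acct] = reasons
    return flagged

if __name__ == "__main__":
    for acct, reasons in suspicious(summarize(SAMPLE_LOG)).items():
        print(acct, "->", ", ".join(reasons))
```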
     
  5. IRZQ88

    IRZQ88 Active Member

    Hmmm... Yeah, you're right. But I think they're using a brute force attack. Because as I remember, the password for that email account is very, very easy. No number and no special character. Only a word! It's because the user of that email account is quite old (about 50yo) and he always wants an easy password. Fuh!
     
  6. LostNerd

    LostNerd Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    258
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Hastings, East Sussex, UK
    cPanel Access Level:
    Root Administrator
    Consider fully utilizing cPHulk, Password Strength Enforcement and potentially look at external cPanel plugins for firewalls too.
     
  7. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    728
    Likes Received:
    248
    Trophy Points:
    93
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    OMG - there is NO hope for us - I had better start planning my funeral :( and as for Infopro .........:eek:
     
    #7 rpvw, Sep 20, 2016
    Last edited: Sep 20, 2016
    Infopro likes this.
  8. IRZQ88

    IRZQ88 Active Member

    Sorry for the late reply...

    Yeah.. I've activated it now.. And I'm using APF firewall... Anyway, thanks for your suggestion... :D

    Hahahahahahaha.. :p
     