Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

email alerts

Discussion in 'E-mail Discussion' started by adibranch, Apr 7, 2009.

  1. adibranch

    adibranch Member

    Joined:
    Apr 7, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    51
    hi all :) great forums !

    anyway, i've got a VPS with a few accounts on it. I recently brought over a site from another less reliable and less secured server.

    All is fine, but this site flags up warning on CSF as follows, normally two or three a day..

    HTML:
    Suspicious process running under user security
    Executable:
    
    /usr/bin/perl
    Command Line (often faked in exploits):
    spamd child
    HTML:
      Excessive resource usage: security (1405)
    Account:      security
    Resource:     Process Time
    Exceeded:     12643 > 1800 (seconds)
    Executable:   /usr/bin/perl
    Command Line: spamd child
    
    'security' is obviously the name of the account.

    In the mail rejection logs, i'm also seeing "Rejected MAIL: "REJECTED - Bad HELO - Host impersonating (security account domain)" relating to that account. I'm not seeing this for any other account on the server.

    My hosts say this is nothing to worry about, and 'perhaps this account see's more spam than others'. I'm not so sure. I know the alertis coming from the spamassassin perl script triggering CSF, but why only this account and none of the other 25 odd? They all receive spam to some degree.

    Is it possible the security account is being compromised in some way?
     
    #1 adibranch, Apr 7, 2009
    Last edited: Apr 7, 2009
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,338
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You might try the CSF forums where there are many topics about these email alerts.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice