aikigi

Registered
Oct 18, 2013
2
0
1
cPanel Access Level
Root Administrator
Hello,

I'm new to this forum and don't have advanced knowledge with WHM/cpanel, but I definitively want to learn.

A while back I got hacked. I believe I corrected the problem but since I receive a lot of cPHulK login attempts (which I black list...)

Now I got hacked again!! But I don't understand what going on. Following is an example of the email I get:

[REMOVED EMAIL]

The website mentioned was a testing site. I deleted it, I also cleared the email queue in WHM and changed password from this account but I still receive that email.

As it shows to be delivery failure email, could it be just be a delivery failure message from sent email before I delete the email queue? but it's been 3 days.

If not what can I do? What step should I follow to found out where is the problem.

Thank you very much for your help.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

It's likely a bounce message from a failed delivery that was sent out when the account was spamming. I recommend monitoring the /var/log/exim_mainlog and your mail queue to make sure additional messages are not sending out from that account. The following document is also helpful:

cPanel - Prevent Email Abuse

Thank you.
 

aikigi

Registered
Oct 18, 2013
2
0
1
cPanel Access Level
Root Administrator
Hello,

Thank you very much for your advise. I will way a little and see if it does stop. I also look at the documentation again. I think the attack happen through my testing site so hopefully the measure I took will be enough.

I was also wondering where I could find a good course to learn how to use WHM/cPanel. Would you have a recommendation?

Sincerely.