crystalfat

Member
Mar 3, 2015
cPanel Access Level
Root Administrator
Hello all,

I wonder if you could help me...
I have a server which has just had a site/domain hacked via PHP. The scripts were sending multiple emails from the site, which soon queued up to over 500,000 and brought the server down before I realized. I have since flushed the queue, fixed the malicious scripts and tightened up a few things in the WHM.

Now when I go to the view sent summary in the email section, I am still rejecting thousands of emails to domain email accounts that simply don't exist. The server is rejecting them, so that seems to be OK, but I wonder if I can put any further measures in place. All help is greatly appreciated.

I have copied some event details below. Most of them are from the same sender to the same recipient (who doesn't exist).

Please advise. Many thanks
(please note I added the ****** in places)

Event: rejected rejected
Sender User: -remote-
Sender Domain:
Sender: [email protected]
Sent Time: Mar 3, 2015 5:30:17 PM
Sender Host: .com
Sender IP: 2.2.2.2
Authentication: unauthorized
Spam Score: 0
Recipient: [email protected]**********.com
Delivered To:
deliveryuser: *****
deliverydomain: ******
Router: reject
Transport: **rejected**
Out Time: Mar 3, 2015 5:30:17 PM
ID: 1YSqeM-000Cc6-vM
Delivery Host: .com
Delivery IP: 1.1.1.1
Size: 0 bytes
Result: remote host address is the local host
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

The messages to non-existent email accounts are already rejected, so there's not much more you can do for that specific behavior other than blocking specific IP addresses that are sending the email in your firewall.

Thank you.
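
An added example, not part of either post above and not cPanel code: one way to find which sender IPs are worth blocking in the firewall is to tally rejected events per "Sender IP" from records in the field layout pasted in the question. The sample records, the threshold and the `allowlist` parameter are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the "Field: value" layout of the event pasted above;
# the addresses are documentation-range values, not taken from a real server.
SAMPLE = """\
Event: rejected rejected
Sender IP: 203.0.113.7

Event: rejected
Sender IP: 203.0.113.7

Event: rejected
Sender IP: 198.51.100.9

Event: success
Sender IP: 198.51.100.20

Event: rejected
Sender IP: *****
"""

def parse_events(text):
    """Split blank-line separated records into dicts of field -> value."""
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                fields[key.strip()] = value.strip()
        yield fields

def block_candidates(text, threshold=2, allowlist=()):
    """Return {ip: rejected_count} for sender IPs at or above threshold."""
    counts = Counter()
    for ev in parse_events(text):
        if not ev.get("Event", "").startswith("rejected"):
            continue  # only rejected deliveries count towards a block
        try:
            ip = str(ipaddress.ip_address(ev.get("Sender IP", "")))
        except ValueError:
            continue  # redacted or missing address: nothing to block
        if ip not in allowlist:  # e.g. the server's own or a trusted relay's IP
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(block_candidates(SAMPLE))
```

Put the server's own addresses and any trusted relays in `allowlist` before acting on the result, so a firewall rule never cuts off legitimate mail flow.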