James Eco
Active Member, joined Dec 2, 2020, Israel
cPanel Access Level: Root Administrator
Hello, it seems that the email server was hacked. I can't send or receive emails on any of my domains, so I went to see what is happening in my log files, and I can see activity in exim_mainlog that I do not recognize; the file is also growing every minute, although there is no activity from my domains.
I reset my WHM password and added two-factor authentication with no issue, logging out and in again. I also changed the cPanel user password, but when trying to add two-factor authentication in cPanel, the app reads the QR code, yet when I approve the app I get the error "Failed to set user configuration: The security code is invalid."

What are my options?
Thank you

Handssler Lopez
Well-Known Member, joined Apr 30, 2019, Guatemala
cPanel Access Level: Root Administrator
I think it is compromised - exim_mainlog
Apparently the domain of the account that was compromised was [wordwpressplugins.com]. What you should do is change the password of the cPanel account and of the email account [[email protected]]; use a password of at least 30 characters. You also have to immediately limit the following options:

- Login
- send mail
- you should only allow the reception of emails

Additionally, modify the cPanel account settings and limit the sending of mail to 100 per hour or so, depending on the client's hourly usage, in order to immediately block sending for the account if the mailbox is compromised again.

It is very important to verify how the account was compromised. Scan the computer from which the account is accessed with at least 2 antivirus programs and 1 anti-malware program; if the computer is not the infected one, it may have been due to a weak password, for example user1234.

Another possibility is that one of the WordPress websites stored in the account has been compromised and they are sending the mail through one of them. To find out whether this is the case, ideally you would be able to read the full headers of any of the mails sent.

This was my contribution; I hope it has been helpful to you.
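The reply above rests on two questions: which principal the unrecognised exim_mainlog traffic was sent under (an authenticated mailbox, or a local script such as a WordPress site), and whether it exceeds a sane hourly rate. The following script is an added example and is not code from the original thread or from cPanel. It parses the "<=" (message arrival) records that Exim writes, attributing each message to the A=dovecot_login:mailbox principal for authenticated SMTP submissions and to the U=system-user for locally injected mail, and flags any principal that exceeds a per-hour limit (100, the figure suggested above). The log lines are constructed for the example; the regexes assume the standard Exim mainlog layout as written on cPanel servers, and the function and field names are mine.

```python
import re
from collections import defaultdict

# Exim "<=" arrival record: "<date> <time> <msgid> <= <sender> <key=value tokens...>".
# The first group keeps date plus hour so counts bucket per hour.
LINE_RE = re.compile(
    r'^(?P<hour>\d{4}-\d{2}-\d{2} \d{2}):\d{2}:\d{2} '
    r'(?P<msgid>\S+) <= (?P<sender>\S+) (?P<rest>.*)$'
)
# Whitespace-delimited tokens we care about: A= (authenticated id),
# U= (local system user), P= (protocol), H= (remote host).
TOKEN_RE = re.compile(r'(?<!\S)(A|U|P|H)=(\S+)')


def parse_arrival(line):
    """Return {hour, sender, principal, origin} for a '<=' line, or None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(TOKEN_RE.findall(m.group('rest')))
    if 'A' in fields:
        # Authenticated SMTP submission; A= is "dovecot_login:user@example.com"
        # on cPanel/Dovecot, so the mailbox whose password was used is the principal.
        principal = fields['A'].split(':', 1)[-1]
        origin = 'smtp-auth'
    elif fields.get('P') == 'local' and 'U' in fields:
        # Injected via the local sendmail pipe (e.g. PHP mail() from a website);
        # the envelope sender is attacker-chosen, U= is the real system user.
        principal = fields['U']
        origin = 'local-script'
    else:
        principal = m.group('sender')
        origin = 'other'
    return {'hour': m.group('hour'), 'sender': m.group('sender'),
            'principal': principal, 'origin': origin}


def sends_per_hour(log_text):
    """Count arrivals per (principal, origin, hour)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_arrival(line)
        if rec:
            counts[(rec['principal'], rec['origin'], rec['hour'])] += 1
    return dict(counts)


def flag_bursts(log_text, per_hour_limit=100):
    """Return [(principal, origin, hour, count)] above the limit, largest first."""
    flagged = [(p, o, h, n) for (p, o, h), n in sends_per_hour(log_text).items()
               if n > per_hour_limit]
    return sorted(flagged, key=lambda t: -t[3])


# --- Constructed sample data (not from the original post) ---------------------
def _auth_line(hour, mailbox, seq):
    """One constructed authenticated-SMTP arrival record for a burst."""
    return (f"2020-12-02 {hour}:{seq % 60:02d}:00 1kk{seq:04d}-0001Ab-3C <= {mailbox} "
            f"H=(win-pc) [203.0.113.{seq % 250}] P=esmtpsa "
            f"X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 A=dovecot_login:{mailbox} "
            f"S=2311 T=\"Invoice\" for victim{seq}@example.org")


LEGIT = [
    # A normal authenticated send from a user's laptop.
    '2020-12-02 10:15:01 1kkAbc-0001Ab-3C <= alice@example.com H=(laptop) '
    '[198.51.100.7] P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 '
    'A=dovecot_login:alice@example.com S=1800 T="Meeting" for bob@example.org',
    # A website's password-reset mail injected locally as system user "wpuser".
    '2020-12-02 10:16:40 1kkAbd-0001Ac-9Q <= noreply@example.net U=wpuser '
    'P=local S=1500 T="Password reset" for carol@example.org',
]
# 120 messages in one hour through a single mailbox: the pattern of a stolen password.
BURST = [_auth_line("11", "sales@example.com", i) for i in range(120)]
SAMPLE_LOG = "\n".join(LEGIT + BURST)

if __name__ == "__main__":
    for principal, origin, hour, count in flag_bursts(SAMPLE_LOG):
        print(f"{hour}  {count:5d}  {origin:12s}  {principal}")
```

Run it against a real file with `flag_bursts(open('/var/log/exim_mainlog').read())`. An `smtp-auth` hit names the mailbox whose password must be rotated; a `local-script` hit names the system user, which points at a compromised site in that account rather than a stolen mailbox password, the second hypothesis raised above.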
 

James Eco
Active Member, joined Dec 2, 2020, Israel
cPanel Access Level: Root Administrator
Hello, after trying several things to solve the issue, I decided to reinstall the system. I installed CloudLinux with cPanel...
My question is whether there is an article you can refer me to for further configuration and for servers with more security?
Thank you
 

cPanelAnthony
Administrator, Staff member, joined Oct 18, 2021, Houston, TX
cPanel Access Level: Root Administrator