HELP! My Server is being used for spam

iKHost

Member
Nov 2, 2002
9
0
151
Ok, yestersay I noticed exim cpu usage skyrocketting and many instances of it open. I have looked through the logs and it does not appear that someone is spamming through POP butr through a script. What can I do to identify the script used?
I know the times of actual attacks so I can trace it if this is needed.

Please help, right now I am restarting exim every half hour or so (oh it seems to start every 30 minutes too, where can I check to see what cron jobs my clients have scheduled)

TIA
 

iKHost

Member
Nov 2, 2002
9
0
151
IP?

I have an IP, how can I check to see if any of my clients have logged in using that IP? I already checked /etc/httpd/logs/access_log
 

iKHost

Member
Nov 2, 2002
9
0
151
nothing..

nothing there about that IP, is it possible one of my clients is using a mailing list to do this? How can I shut off lists?
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
/var/spool/exim/input and msglog

These two directories show no files at all on my Server -- is that correct? Seems there should be something in there.