help stop emails

A

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
I cannot find what is sending out this email on the server. I have changed the password for the account. There is no such email account on the server for the user. I searched all files withing the account for PHPMailer and none exists. What else?
The account hhcards exists but there are no emails existing for the account.

- Removed -
 
Last edited by a moderator:
Andrew W

Andrew W

Member
Apr 3, 2015
9
1
3
USA
cPanel Access Level
Root Administrator
I ran into a support issue once where we tried our hardest to find a PHP Mailer file that was sending strange mails all the time. We ran virus scans with ClamAV that came clean and couldn't find any evidence of a security breach.

Come to find out the contact form on the website was being used, and it didn't have a Captcha.

Not sure if this would be the same for you, but have you checked this over? I see you don't have a Captcha on the contact form for this website.

Not all entries are required on the form, which would explain the missing information for stuff like Phone number in the full header you provided. And I don't think if the form uses PHP Mail() that the email account needs to exist. I think it's worth a look see.

- Removed -
 
Last edited by a moderator:
A

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
I will work on this. His site is using magento. when I did a scan grepping for PHPMailer I did not find anything in the code referring to PHPMailer. I searched for this because I see PHPMailer in the email header and not PHP Mail so I would not think it was from that form. I will however get that updated.
Considering it has PHPMailer in the emails wouldn't that mean it was from PHPMailer somewhere in that account on the server. ( I used grep -ri PHPMailer * from root of that account )
 
A

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
cPanelMichael,
Thanks. Using the command
Code: 
awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
it lead me to a php script deep within the structure of the magento code in a css folder.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
I am happy to see the issue is now resolved. Thank you for updating us with the outcome.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S Urgent - Need help to stop email SPAM! Email 1
B Need help to stop outgoing email SPAM! Email 40
A spamd failed - Need help stopping this email coming to me Email 4
C "Has not been previously delivered" & "Stop Processing Rules" - help wanted Email 2
L Please Help!!! Emails stopped working! Email 2
Similar threads
Urgent - Need help to stop email SPAM!
Need help to stop outgoing email SPAM!
spamd failed - Need help stopping this email coming to me
"Has not been previously delivered" & "Stop Processing Rules" - help wanted
Please Help!!! Emails stopped working!
Top Bottom