Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

help stop emails

Discussion in 'E-mail Discussion' started by asmithjr, May 28, 2015.

  1. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    507
    Likes Received:
    4
    Trophy Points:
    168
    I cannot find what is sending out this email on the server. I have changed the password for the account. There is no such email account on the server for the user. I searched all files withing the account for PHPMailer and none exists. What else?
    The account hhcards exists but there are no emails existing for the account.

    - Removed -
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 asmithjr, May 28, 2015
    Last edited by a moderator: May 28, 2015
  2. Andrew W

    Andrew W Member

    Joined:
    Apr 3, 2015
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I ran into a support issue once where we tried our hardest to find a PHP Mailer file that was sending strange mails all the time. We ran virus scans with ClamAV that came clean and couldn't find any evidence of a security breach.

    Come to find out the contact form on the website was being used, and it didn't have a Captcha.

    Not sure if this would be the same for you, but have you checked this over? I see you don't have a Captcha on the contact form for this website.

    Not all entries are required on the form, which would explain the missing information for stuff like Phone number in the full header you provided. And I don't think if the form uses PHP Mail() that the email account needs to exist. I think it's worth a look see.

    - Removed -
     
    #2 Andrew W, May 28, 2015
    Last edited by a moderator: May 28, 2015
  3. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    507
    Likes Received:
    4
    Trophy Points:
    168
    I will work on this. His site is using magento. when I did a scan grepping for PHPMailer I did not find anything in the code referring to PHPMailer. I searched for this because I see PHPMailer in the email header and not PHP Mail so I would not think it was from that form. I will however get that updated.
    Considering it has PHPMailer in the emails wouldn't that mean it was from PHPMailer somewhere in that account on the server. ( I used grep -ri PHPMailer * from root of that account )
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    507
    Likes Received:
    4
    Trophy Points:
    168
    cPanelMichael,
    Thanks. Using the command
    Code:
    awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
    
    it lead me to a php script deep within the structure of the magento code in a css folder.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    I am happy to see the issue is now resolved. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice