The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

help stop emails

Discussion in 'E-mail Discussions' started by asmithjr, May 28, 2015.

  1. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    475
    Likes Received:
    1
    Trophy Points:
    18
    I cannot find what is sending out this email on the server. I have changed the password for the account. There is no such email account on the server for the user. I searched all files withing the account for PHPMailer and none exists. What else?
    The account hhcards exists but there are no emails existing for the account.

    - Removed -
     
    #1 asmithjr, May 28, 2015
    Last edited by a moderator: May 28, 2015
  2. Andrew W

    Andrew W Member

    Joined:
    Apr 3, 2015
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I ran into a support issue once where we tried our hardest to find a PHP Mailer file that was sending strange mails all the time. We ran virus scans with ClamAV that came clean and couldn't find any evidence of a security breach.

    Come to find out the contact form on the website was being used, and it didn't have a Captcha.

    Not sure if this would be the same for you, but have you checked this over? I see you don't have a Captcha on the contact form for this website.

    Not all entries are required on the form, which would explain the missing information for stuff like Phone number in the full header you provided. And I don't think if the form uses PHP Mail() that the email account needs to exist. I think it's worth a look see.

    - Removed -
     
    #2 Andrew W, May 28, 2015
    Last edited by a moderator: May 28, 2015
  3. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    475
    Likes Received:
    1
    Trophy Points:
    18
    I will work on this. His site is using magento. when I did a scan grepping for PHPMailer I did not find anything in the code referring to PHPMailer. I searched for this because I see PHPMailer in the email header and not PHP Mail so I would not think it was from that form. I will however get that updated.
    Considering it has PHPMailer in the emails wouldn't that mean it was from PHPMailer somewhere in that account on the server. ( I used grep -ri PHPMailer * from root of that account )
     
  4. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    475
    Likes Received:
    1
    Trophy Points:
    18
    cPanelMichael,
    Thanks. Using the command
    Code:
    awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
    
    it lead me to a php script deep within the structure of the magento code in a css folder.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page