Hello,
I discovered my VPS has high load. Normal is 5.0, this was 43.0.
iostat -a returned there are several webmaild processes, so it pointed me in the mail issue direction. So I checked the mail queue and found a lot of spam mails there going to various Russian mailboxes.
When I examined the whole mail headers through the Mail Queue Manager, I did not find which cPanel account sends it. So my question is how I can find it?
WHM » Email » View Sent Summary
gives a very good overview; it found that one account has:
successful: 6
deferral: 21
failures: 894
I found in that account's public_html directory there are various new folders with injected index.php content like:
<?php header("Location: http://somecrapdomainhere.net/space.php?a=***&c=wl_iw&s=d***"); ?>
When I do stat of one of these injected index.php, it shows:
File: `/home/accname/public_html/is/index.php'
Size: 83 Blocks: 8 IO Block: 4096 regular file
Device: 9eh/158d Inode: 42861096 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 538/ accname) Gid: ( 546/ accname)
Access: 2014-06-24 10:32:48.000000000 -0400
Modify: 2014-06-24 05:42:40.000000000 -0400
Change: 2014-06-24 05:42:40.000000000 -0400
root@host [~]# date
Wed Jun 25 05:38:04 EDT 2014
Please, any idea which commands to do to discover how this file was injected, so I can fix the hole? Or which IP did this, which log file to examine, by which commands? Thanks a lot.
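As an added example (not part of the original post), a Python script that takes the Modify timestamp from the stat output above and lists the Apache access-log requests that fall within a window around it, POSTs first, so the request that wrote the file and its source IP can be located. On cPanel the per-domain access logs live under /usr/local/apache/domlogs/; the log lines and paths embedded below are constructed sample data, not taken from the poster's server.

```python
"""Correlate a file's Modify time (from `stat`) with Apache access-log requests."""
import re
from datetime import datetime, timedelta

# "Modify: 2014-06-24 05:42:40.000000000 -0400" as printed by GNU stat
STAT_MODIFY_RE = re.compile(
    r"^Modify:\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+([+-]\d{4})")
# Apache combined log: host ident user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse_stat_mtime(stat_output: str) -> datetime:
    """Return the timezone-aware Modify timestamp from `stat` output."""
    for line in stat_output.splitlines():
        m = STAT_MODIFY_RE.match(line.strip())
        if m:
            return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M:%S %z")
    raise ValueError("no Modify: line found in stat output")

def suspicious_requests(log_lines, mtime, window_seconds=300):
    """Requests within +/- window_seconds of mtime as (ip, time, method, path, status).
    POSTs are listed first: a file written into public_html through a web
    application is normally the result of a POST, so those are the leads to
    check first; later GETs show who fetched the dropped file."""
    lo, hi = mtime - timedelta(seconds=window_seconds), mtime + timedelta(seconds=window_seconds)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if lo <= when <= hi:
            hits.append((ip, when.isoformat(), method, path, int(status)))
    hits.sort(key=lambda h: (h[2] != "POST", h[1]))
    return hits

# Constructed sample data: the Modify line from the post, plus hypothetical log lines.
SAMPLE_STAT = "  File: `/home/accname/public_html/is/index.php'\nModify: 2014-06-24 05:42:40.000000000 -0400\n"
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jun/2014:05:42:38 -0400] "POST /admin/upload.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [24/Jun/2014:05:42:41 -0400] "GET /is/index.php HTTP/1.1" 302 83 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [24/Jun/2014:02:10:00 -0400] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG, parse_stat_mtime(SAMPLE_STAT)):
        print(*hit)
```

Run it against the real domlog with the stat output of each injected file; a POST from one IP shortly before every mtime is the request to look at, and the same window in the FTP and cPanel access logs rules out the non-web routes.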