
is server wide harvesting possible

Discussion in 'E-mail Discussions' started by keat63, Feb 27, 2015.

  1. keat63

    keat63 Well-Known Member

    Maybe I'm being paranoid here.

    I can see a spam email trying to hit a few email addresses on my company domain.
    Searching through the reject list, the same spam email has also tried to hit an email on my personal domain, which just happens to be on the same server.

    Is this pure coincidence, or is harvesting server-wide email addresses possible?
    Until recently, these two domains were on different servers, so this would never have been spotted.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    It's difficult to pinpoint exactly where or how a spammer harvested those email addresses. It's certainly possible if your server was rooted or exploited at some point in the past, but it's also possible that it's a widespread SPAM email that made its way to both email addresses. It's also possible the domain name was obtained from a reverse WHOIS search, which will list all domain names hosted on a specific IP address.

    Thank you.
     
  3. keat63

    keat63 Well-Known Member

    Maybe I'm just being paranoid and overprotective.

    Whilst it may have been compromised in the first few days of setting up, there were no domains on it worth worrying about.
    Just a test domain.
    I discovered CSF, and was also testing many different build scenarios, so decided the best course of action would be to rebuild it from scratch (just in case) then install CSF before adding any real domains.
    My personal domain was the first one on there, followed by the company domain a few weeks later.
    I watch every log like a hawk and I'm pretty confident in saying I don't believe it's been rooted or compromised.

    Just to test something, I've created a new email on my personal domain today, something you wouldn't expect to be used as an email address, something stupid.
    Let's see what happens.
     