Outgoing Spam via PHP Scripts

wsadams · Jan 11, 2017

I have 2 accounts on my VPS (which I own) that I'm having problems with. Every day, a new PHP script is uploaded to a different directory in these 2 accounts. That file sends out hundreds of emails before i find it and remove it.

So far, I've:

- Disabled FTP on both accounts
- Checked SSH history (its disabled except for root)
- Changed the cpanel password.

They occasionally use the DEFAULT cpanel email to send outgoing email as well.

1. How else could someone be uploading these scripts?
2. What else can I do to track down who or what is doing this.

Thanks in advance

cPanelMichael · Jan 11, 2017

Hello,

You should first ensure any scripts uploaded to those accounts are updated to the most recent versions available from the vendor. Additionally, ensure to enable the options referenced on the following document:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
E	I"m so tired of our mail server IPs being blacklisted -- What are "best practices" for prventing outgoing spam?	Email	4	Apr 7, 2021
E	Is admin notified of outgoing emails filtered by spam assassin?	Email	2	Apr 7, 2021
E	Possible to enable "scan outgoing mail for spam" exim option PER ACCOUNT?	Email	1	Apr 7, 2021
P	Spamassassin not logging outgoing email	Email	9	Apr 7, 2021
T	Block outgoing spam mails via body or other features	Email	1	Jul 21, 2012

Search

Search

Outgoing Spam via PHP Scripts

wsadams

Registered

cPanelMichael

Administrator