Hi all,
My company hosts 4 servers all running Apache cPanel/WHM. I have alerts set up to email us when a cPanel account is spamming. 3 days ago I got a notification that an account was spamming and I have been having trouble taming this beast ever since.
I have suspended the account while I work. I have used ConfigServer to scan and remove the scripts but they keep coming back when I unsuspend. All directory permissions and file permissions are correct at 755 and 644 respectively. They are being placed in the /images/ folder of an old Joomla 1.7 CMS. As I couldn't manage to get the client to upgrade I am stuck trying to fix this issue. I can't stop the scripts from being uploaded so I have tried adding a .htaccess to this folder to stop PHP scripts from running from here and it didn't work. (Long shot, I know.)
I have tried adding hourly limits to the domain but this didn't work as I believe suPHP is sending the emails from the [email protected] user.
I am running ConfigServer MailScanner FE which usually is pretty good at blocking these beasties but it seems these phishing emails are getting through.
I have searched a number of forum posts here and I am quickly running out of ideas. Can anyone suggest how I should proceed?
tl;dr:
Old CMS is having scripts uploaded to the images folder which I can't stop (only remove manually) and the [email protected] user is spamming from these scripts which I can't limit using WHM?
Any solutions or suggestions would be gratefully received.