The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Random Email Accounts Appearing

Discussion in 'E-mail Discussions' started by atlantishd, Aug 24, 2013.

  1. atlantishd

    atlantishd Registered

    Joined:
    Jul 16, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi,
    I am not sure If this is an email or security issue but I thought I would start with email.
    I run a server with around 28 sites, mostly running Joomla 2.5 but a few with the old 1.5 which are being upgraded.
    I went to add a new email account to a client’s account today and noticed several random accounts had already been created, the client has not added them, and I have not, I have checked the other users on the server and it seems that a lot of the sites have these random accounts, I thought is was due to Joomla 1.5 being unsecure now, but some of these clients are not even running a CMS?

    Server details:
    Centos 6.4
    WHM 11.38.2 (build 3)


    Any thoughts please would be very much appreciated.
    Thanks,

    Tim
     
  2. Rhuan

    Rhuan Active Member

    Joined:
    Nov 10, 2010
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Hi :)

    Your computer or of your client is infected, to create mail accounts we need to access cPanel, if this is a Joomla due the cracker/hacker can deface your site or inject files...

    Please reinstall your OS and change all passwords (the same for your client)...
     
  3. atlantishd

    atlantishd Registered

    Joined:
    Jul 16, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the reply, due to the server being very outdated I am moving to a new server anyway. I did have an issue a few months ago when clamd failed, but that was fixed. I can only assume that these are a result of that issue. I plan to use cpanel backups and restore to move clients to the new server, I will check all acocunts files first, but if I find nothing can I assume this issue should not follow?

    Thanks

    Tim
     
  4. atlantishd

    atlantishd Registered

    Joined:
    Jul 16, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Sorry just to add, these email accounts appear to be on every single user account on the server. Root has no access to users cpanels, csf is installed, ssh port is non standard and all clients passwords are cpanel generated ones that score no less then 95.

    Is there an area where I should be focusing on where this could have happend?

    Thanks again

    Tim
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    root, has access to everything. Just because the option to enter a users cPanel via WHM is disabled, does not stop root from having access to the account. root has access to the entire server.

    If you're unsure of the way forward, you might like to know about the cPanel Application Catalog where there are listings for SysAdmin services:
    cPanel App Catalog
     
Loading...

Share This Page