Since I upgraded CP I'm getting email attacks like mad. NOBODY etc... Need Advice TIA

Discussion in 'E-mail Discussion' started by LittleBrother, Sep 12, 2006.

  1. LittleBrother

    Hi,

    I am new and hope this is the correct location for this post. I appreciate any advice or guidance. I have computer background but I'm not heavy. I can usually chase down issues and fix them with some general guidance.

    I have tens of thousands of emails being sent from my server to other people with a Chase Manhattan phishing expedition email message inside it. I see these emails as they get returned from other servers on the web. They come in on nobody@*.com

    I've placed some deletion filters for Chase Manhattan in my control panel interface to try and slow them down. I cleaned out a few tmp folders on my system drive and I also poked around on my web space and deleted any pages used to contact us via email and a CGI script folder that went with it. I think I have my exim service stopped right now but the server has been rebooted and things seem quiet at this moment. I'm not sure if that's because of something I have done or the email attack has simply ceased fire for a moment.

    In the meantime I am wondering if my control panel upgrades recently have anything to do with this issue or if I am being hijacked somehow and can get some advice.



    ===========================================================

    NOTE: This is for the most part what one of the emails looks like..

    1GNAOZ-00046M-RH-H
    mailnull 47 12
    <>
    1158075715 0
    -ident mailnull
    -received_protocol local
    -body_linecount 25
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -localerror
    XX
    1
    nobody@server1.acousticplayermagazine.com

    186P Received: from mailnull by server1.acousticplayermagazine.com with local (Exim 4.52)
    id 1GNAOZ-00046M-RH
    for nobody@server1.acousticplayermagazine.com; Tue, 12 Sep 2006 11:41:59 -0400
    046 X-Failed-Recipients: 20npiwowarski@albion.edu
    031 Auto-Submitted: auto-generated
    078F From: Mail Delivery System <Mailer-Daemon@server1.acousticplayermagazine.com>
    046T To: nobody@server1.acousticplayermagazine.com
    059 Subject: Mail delivery failed: returning message to sender
    067I Message-Id: <E1GNAOZ-00046M-RH@server1.acousticplayermagazine.com>
    038 Date: Tue, 12 Sep 2006 11:41:55 -0400


    1GNAOZ-00046M-RH-D
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    20npiwowarski@albion.edu
    SMTP error from remote mail server after RCPT TO:<20npiwowarski@albion.edu>:
    host cuda2.albion.edu [147.124.8.231]: 550 <20npiwowarski@albion.edu>:
    Recipient address rejected: unknown user <20npiwowarski@albion.edu>

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <nobody@server1.acousticplayermagazine.com>
    Received: from nobody by server1.acousticplayermagazine.com with local (Exim 4.52)
    id 1GNAOJ-00045Q-C6
    for 20npiwowarski@albion.edu; Tue, 12 Sep 2006 11:41:40 -0400
    To: 20npiwowarski@albion.edu
    Subject: Chase Bank Security Department Alert
    From: security@chase.com
    Content-Type: text/html
    X-Mailer:
    Message-Id: <E1GNAOJ-00045Q-C6@server1.acousticplayermagazine.com>
    Date: Tue, 12 Sep 2006 11:41:39 -0400

    <html><head><title>Chase Bank Security Email</title>
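
An added triage example (not part of the original post, and not cPanel or Exim code): it parses an Exim bounce like the one quoted above and reports how the bounced original entered the local mail queue. The sample bounce is constructed with placeholder hostnames and ids, and the `triage_bounce` name and `WEB_USERS` set are assumptions.

```python
import re
from email.parser import HeaderParser

# Constructed sample modelled on the quoted bounce; hostnames and ids are placeholders.
SAMPLE_BOUNCE = """\
The following address(es) failed:
  user@recipient.example

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@server1.example.com>
Received: from nobody by server1.example.com with local (Exim 4.52)
\tid 1AAAAA-00000A-AA
\tfor user@recipient.example; Tue, 12 Sep 2006 11:41:40 -0400
To: user@recipient.example
Subject: Chase Bank Security Department Alert
From: security@chase.com

<html><head><title>Chase Bank Security Email</title>
"""

MARKER = re.compile(r"^-+ This is a copy of the message.*-+[ \t]*$", re.M)
RECEIVED = re.compile(r"from (\S+) by (\S+) with (\S+)(?:.*?\bid (\S+))?", re.S)
# Accounts that web-server scripts commonly run as (assumption; adjust per host).
WEB_USERS = {"nobody", "apache", "www-data"}

def triage_bounce(bounce_text):
    """Summarise how the bounced original entered the local MTA, or None."""
    m = MARKER.search(bounce_text)
    if not m:
        return None  # no embedded copy of the original message
    hdrs = HeaderParser().parsestr(bounce_text[m.end():].lstrip("\n"))
    r = RECEIVED.search(hdrs.get("Received", ""))
    if not r:
        return None
    ident, host, proto, msg_id = r.groups()
    from_dom = hdrs.get("From", "").rpartition("@")[2].strip("> ").lower()
    return {
        "submitted_by": ident,
        "protocol": proto,
        "original_id": msg_id,
        "from_domain": from_dom,
        # "with local": a process on this host queued it, not a remote SMTP client.
        "local_web_script": proto == "local" and ident in WEB_USERS,
        # From: domain unrelated to this host, as in the phishing mail in the post.
        "from_domain_foreign": bool(from_dom) and not host.lower().endswith(from_dom),
    }
```

A result with `local_web_script` set means the message was queued by a process on the server running under a web server account, so the places to inspect are web-accessible form and CGI handlers rather than SMTP relay settings.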
     