The Community Forums

Interact with an entire community of cPanel & WHM users!

Since I upgraded CP I'm getting email attacks like mad. NOBODY etc... Need Advice TIA

Discussion in 'E-mail Discussions' started by LittleBrother, Sep 12, 2006.

    Hi,

    I am new and hope this is the correct location for this post. I appreciate any advice or guidance. I have a computer background but I'm not heavy. I can usually chase down issues and fix them with some general guidance.

    I have tens of thousands of emails being sent from my server to other people with a Chase Manhattan phishing expedition email message inside it. I see these emails as they get returned from other servers on the web. They come in on nobody@*.com

    I've placed some deletion filters for Chase Manhattan in my control panel interface to try and slow them down. I cleaned out a few tmp folders on my system drive and I also poked around on my web space and deleted any pages used to contact us via email and a CGI script folder that went with it. I think I have my exim service stopped right now but the server has been rebooted and things seem quiet at this moment. I'm not sure if that's because of something I have done or the email attack has simply ceased fire for a moment.

    In the meantime I am wondering if my control panel upgrades recently have anything to do with this issue or if I am being hijacked somehow and can get some advice.



    ===========================================================

    NOTE: This is for the most part what one of the emails looks like..

    1GNAOZ-00046M-RH-H
    mailnull 47 12
    <>
    1158075715 0
    -ident mailnull
    -received_protocol local
    -body_linecount 25
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -localerror
    XX
    1
    nobody@server1.acousticplayermagazine.com

    186P Received: from mailnull by server1.acousticplayermagazine.com with local (Exim 4.52)
    id 1GNAOZ-00046M-RH
    for nobody@server1.acousticplayermagazine.com; Tue, 12 Sep 2006 11:41:59 -0400
    046 X-Failed-Recipients: 20npiwowarski@albion.edu
    031 Auto-Submitted: auto-generated
    078F From: Mail Delivery System <Mailer-Daemon@server1.acousticplayermagazine.com>
    046T To: nobody@server1.acousticplayermagazine.com
    059 Subject: Mail delivery failed: returning message to sender
    067I Message-Id: <E1GNAOZ-00046M-RH@server1.acousticplayermagazine.com>
    038 Date: Tue, 12 Sep 2006 11:41:55 -0400


    1GNAOZ-00046M-RH-D
    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    20npiwowarski@albion.edu
    SMTP error from remote mail server after RCPT TO:<20npiwowarski@albion.edu>:
    host cuda2.albion.edu [147.124.8.231]: 550 <20npiwowarski@albion.edu>:
    Recipient address rejected: unknown user <20npiwowarski@albion.edu>

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <nobody@server1.acousticplayermagazine.com>
    Received: from nobody by server1.acousticplayermagazine.com with local (Exim 4.52)
    id 1GNAOJ-00045Q-C6
    for 20npiwowarski@albion.edu; Tue, 12 Sep 2006 11:41:40 -0400
    To: 20npiwowarski@albion.edu
    Subject: Chase Bank Security Department Alert
    From: security@chase.com
    Content-Type: text/html
    X-Mailer:
    Message-Id: <E1GNAOJ-00045Q-C6@server1.acousticplayermagazine.com>
    Date: Tue, 12 Sep 2006 11:41:39 -0400

    <html><head><title>Chase Bank Security Email</title>
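
For triaging bounces like the one quoted in the post above, this added example (not part of the original post, and not cPanel or Exim code) reads the returned copy inside a bounce and reports whether the original message was submitted locally and by which Unix account. The sample text is constructed from the post's bounce, and `triage_bounce` and its field names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: the bounce from the post above, trimmed to the relevant lines.
SAMPLE_BOUNCE = """\
This message was created automatically by mail delivery software.

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@server1.acousticplayermagazine.com>
Received: from nobody by server1.acousticplayermagazine.com with local (Exim 4.52)
\tid 1GNAOJ-00045Q-C6
\tfor 20npiwowarski@albion.edu; Tue, 12 Sep 2006 11:41:40 -0400
To: 20npiwowarski@albion.edu
Subject: Chase Bank Security Department Alert
From: security@chase.com
Content-Type: text/html

<html><head><title>Chase Bank Security Email</title>
"""

COPY_MARKER = re.compile(r"^-+ This is a copy of the message.*-+[ \t]*$", re.M)
# Exim's Received line for a locally submitted message:
# "from <user> by <host> with local ... id <exim id>"
LOCAL_RECEIVED = re.compile(
    r"from\s+(\S+)\s+by\s+(\S+)\s+with\s+local\b.*?\bid\s+(\S+)", re.S)

def triage_bounce(bounce_text):
    """Describe how the bounced original entered the server (None if no copy attached)."""
    marker = COPY_MARKER.search(bounce_text)
    if not marker:
        return None
    original = message_from_string(bounce_text[marker.end():].lstrip("\n"))
    m = LOCAL_RECEIVED.search(original.get("Received", ""))
    from_domain = original.get("From", "").rsplit("@", 1)[-1].strip("> ")
    return {
        "local_submission": bool(m),               # handed to Exim on the box, not over SMTP
        "submitting_user": m.group(1) if m else None,
        "server": m.group(2) if m else None,
        "exim_id": m.group(3) if m else None,      # id to look up in the Exim main log
        "from_domain": from_domain,
        # From: claims a domain this server's hostname does not belong to
        "from_domain_mismatch": bool(m) and not m.group(2).endswith(from_domain),
        "subject": original.get("Subject"),
    }

if __name__ == "__main__":
    print(triage_bounce(SAMPLE_BOUNCE))
```

A local submission by `nobody` with a mismatched From domain points at a script run by the web server rather than at an SMTP relay; that reading assumes `nobody` is the account the web server runs as on this machine.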
     