SMTP Restriction, SPAM Attacks

tmssyed

Registered
Apr 16, 2015
4
0
1
Saudia Arabia
cPanel Access Level
Root Administrator
I have recently disable "SMTP Restrictions".

Problem is that now there is various attack from spammers.

My server is sending spam email from a domain.

these users doesn't have any email accounts either in the cpanel , still they are originating from my server.

Event: success
Sender User: domain-name
Sender Domain: domain-name
Sender: [email protected] ( this user doesn't exist in mail accounts )
Sent Time: Aug 17, 2015 10:42:10 AM
Sender Host: localhost
Sender IP: 127.0.0.1
Authentication: localuser


Is the website compromised or my server ?

Please advice for protection against these act .

P.S i already have LFD
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
I think your website is sending mail through php mail function. May be your account compromised and due to that your site is sending all these mails. I will suggest you please update your web scripts to latest version and delete all unwanted files from your account.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,215
363
Hello :)

The following command can help determine which account has the most email originating from it:

Code:
awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n
The command checks /var/log/exim_mainlog for the paths of scripts in the /home directory that are sending emails, and then sorts them from highest to lowest, based on the number of emails found in the log from that path.

Thank you.