The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SMTP Restriction, SPAM Attacks

Discussion in 'E-mail Discussions' started by tmssyed, Aug 17, 2015.

  1. tmssyed

    tmssyed Registered

    Joined:
    Apr 16, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Saudia Arabia
    cPanel Access Level:
    Root Administrator
    I have recently disable "SMTP Restrictions".

    Problem is that now there is various attack from spammers.

    My server is sending spam email from a domain.

    these users doesn't have any email accounts either in the cpanel , still they are originating from my server.

    Event: success
    Sender User: domain-name
    Sender Domain: domain-name
    Sender: megan_parsons@domain-name ( this user doesn't exist in mail accounts )
    Sent Time: Aug 17, 2015 10:42:10 AM
    Sender Host: localhost
    Sender IP: 127.0.0.1
    Authentication: localuser


    Is the website compromised or my server ?

    Please advice for protection against these act .

    P.S i already have LFD
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,145
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    I think your website is sending mail through php mail function. May be your account compromised and due to that your site is sending all these mails. I will suggest you please update your web scripts to latest version and delete all unwanted files from your account.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The following command can help determine which account has the most email originating from it:

    Code:
    awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n
    The command checks /var/log/exim_mainlog for the paths of scripts in the /home directory that are sending emails, and then sorts them from highest to lowest, based on the number of emails found in the log from that path.

    Thank you.
     
Loading...

Share This Page