Spam email Accounts Auto Created

Operating System & Version
centos7
cPanel & WHM Version
v94.0.5

aadii786

Member
Feb 28, 2021
16
0
1
Pakistan
cPanel Access Level
Root Administrator
I'm using a VPS server hosted over 100+ Domain on.

The problem I'm facing is that it creating auto-new email accounts name smtp****@mydomain.com and smtpfox***mydomain.com these emails sending 1000's of emails on daily basis I'm not sure why and how to prevent it.

1) How I can delete all those emails with any single command that I can run as root.

I tried something like this
cat allaccounts.txt domain=${EMAIL#*@} account=$(/scripts/whoowns $domain) | while read EMAIL;do uapi --user=$account Email delete_pop email=$EMAIL;done
but now luck :-(

2) how I can prevent it in future ,, any suggestion in TweakSettings WHM.
 

Attachments

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
sounds like you've been compromised with anonymousfox.
I've no idea personally how you would delete these on mass, however, deleting them is only half the task, fixing the compromise will be equally as difficult.

 
  • Like
Reactions: cPDavidL

cPDavidL

Linux Analyst II
Oct 15, 2012
79
18
133
cPanel Access Level
Root Administrator
@keat63 seems to be on to something. I would encourage you to seek the assistance of a qualified security admin.

As for deleting them en masse, there is no readily available function to do so. One would need to

- List email accounts on a cPanel account: https://api.docs.cpanel.net/openapi/cpanel/operation/list_pops/
- Use grep to find only the "smtp" string you mentioned.
- Then once a list has been created, you can use a for-loop to iterate through the list to delete the accounts with the delete_pop uapi function: Delete email address · cPanel & WHM Developer Portal

This could be done with a carefully constructed one-liner. I would encourage you to test extensively on a development environment first.
 
  • Like
Reactions: cPRex
Thread starter Similar threads Forum Replies Date
T Licensing & Billing 3
Similar threads
Is SpamScan still a thing?