The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam issues and not sure where to start.

Discussion in 'Security' started by chrissyb, Jan 4, 2013.

  1. chrissyb

    chrissyb Registered

    Dec 21, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Reseller Owner
    Hello all,

    There is so much information that I've been reading on how to deal with spam - the more I read the more confused I become, as I can't determine where my problem fits.

    Basically I can see that at least one of my user accounts is being used as a zombie account and a spammer is using false aliases to send spam, so it's creating, and seemingly sending these to legitimate e-mail addresses.

    My IP had been appearing on blacklists - and sometimes my legitimate emails are still being blocked - but at the moment I am on no blacklists.

    I have tried to implement all the restrictions I have read, on various sites and here of course:

    How to: Prevent Email Abuse

    This hasn't seemed to work which had made me thing I have got a rogue script running somewhere.

    I have tried to do something a little more involved and is perhaps the key to solving this but I ran:

    last -n 20

    In terminal and it has given me an IP located in Bulgaria that seems to be logging on to root. I have however changed my root password - it seems the last logon was on Dec 17th and started as early as August.

    Could this be one of my accounts, could they be hacking the WHM through their user account - how can I trace this and disable the account?

    This may not be the problem - but I don't see any other reason to be seeing this IP. How can I block this specific IP?

    Any pointers to help get me started - I appreciate it's a subject dealt with time and time again, but I'd really appreciate a specific response.



Share This Page