The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spamming from the server.

Discussion in 'General Discussion' started by desiguru, Jun 8, 2010.

  1. desiguru

    desiguru Well-Known Member

    Joined:
    Aug 27, 2008
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    Someone has been sending spam messages from my server. Is there any way I can figure out who might have done this?
     
  2. henrynowa39

    henrynowa39 Member

    Joined:
    Dec 16, 2009
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Citrus Heights, CA
    cPanel Access Level:
    Root Administrator
    i would like to now this as well
     
  3. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    You need to check your mail logs - /var/log/exim_mainlog.
     
    #3 vanessa, Jun 8, 2010
    Last edited: Jun 16, 2010
  4. garrettp

    garrettp Well-Known Member
    PartnerNOC

    Joined:
    Jun 18, 2004
    Messages:
    312
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    1. Open Exim Advanced Configuration Editor in the WHM, add:
      Code:
      log_selector = +all
    2. Get the message ID from one of the spam messages
    3. Search for the message ID in the mail log:
      Code:
      grep <message-ID> /var/log/exim_mainlog
    4. Look for particulars such as A=fixed_login:user@domain.com (someone is spamming through that email account) or cwd=/home/user/public_html/exploited_script.php (insecure script allowing spam to be relayed)
    5. Change account password, notify user, or secure/delete/prevent access to the exploited script
     
Loading...

Share This Page