i have searched many days in this forum about this thread, but could find anything...
I have a cpanel account that is sending about 20k emails / day, this account have a limit to 100 emails/hour, but this realy slow down my server all the time... thw emails is sending by the system account:
[email protected]
([email protected])
How can i block this to sending mail, or track from where it being sent?
i cant block this account, because its my main site, system and mails.
thanks in advanced
sorry poor english
greetings from brazil
----------------------------------
aditional info
this account has been hacked 1 time, but i have scanned all files by php mail() funtion and can't find anything suspicious;
my server is CentOS;
i have CSF and all the warnings in the check server security:
Check /dev/shm is mounted noexec,nosuid
Check /etc/cron.daily/logrotate for /tmp noexec workaround
Check /tmp is mounted as a filesystem
Check /var/tmp is mounted as a filesystem
Check Accounts that can access a cPanel user account
Check apache for FileETag
Check apache for FrontPage
Check apache for mod_security
Check apache for ServerSignature
Check apache for ServerTokens
Check apache for TraceEnable
Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
Check boxtrapper is disabled
Check cPanel login is SSL only
Check cPanel version
Check csf PT_SKIP_HTTP option
Check csf SAFECHAINUPDATE option
Check for cxs
Check incoming MySQL port
Check MySQL LOAD DATA disallows LOCAL
Check nameservers
Check php for ini_set disabled
Check php for Suhosin
Check Referrer Blank Security
Check Referrer Security
Check root forwarder
Check SMTP Tweak
Check SSH PasswordAuthentication
anything i can REALY need to do special atention?
thanks again
I have a cpanel account that is sending about 20k emails / day, this account have a limit to 100 emails/hour, but this realy slow down my server all the time... thw emails is sending by the system account:
[email protected]
([email protected])
How can i block this to sending mail, or track from where it being sent?
i cant block this account, because its my main site, system and mails.
thanks in advanced
sorry poor english
greetings from brazil
----------------------------------
aditional info
this account has been hacked 1 time, but i have scanned all files by php mail() funtion and can't find anything suspicious;
my server is CentOS;
i have CSF and all the warnings in the check server security:
Check /dev/shm is mounted noexec,nosuid
Check /etc/cron.daily/logrotate for /tmp noexec workaround
Check /tmp is mounted as a filesystem
Check /var/tmp is mounted as a filesystem
Check Accounts that can access a cPanel user account
Check apache for FileETag
Check apache for FrontPage
Check apache for mod_security
Check apache for ServerSignature
Check apache for ServerTokens
Check apache for TraceEnable
Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
Check boxtrapper is disabled
Check cPanel login is SSL only
Check cPanel version
Check csf PT_SKIP_HTTP option
Check csf SAFECHAINUPDATE option
Check for cxs
Check incoming MySQL port
Check MySQL LOAD DATA disallows LOCAL
Check nameservers
Check php for ini_set disabled
Check php for Suhosin
Check Referrer Blank Security
Check Referrer Security
Check root forwarder
Check SMTP Tweak
Check SSH PasswordAuthentication
anything i can REALY need to do special atention?
thanks again
Last edited:
