We use WHM to manage a multitude of our websites. One of these sites appears to have a vulnerability somewhere that is allowing a file to either be uploaded or created in the account's public_html folder, which is then attempting to send spam out.
As I'm not a developer and don't have a huge knowledge of Linux, I am at a bit of a loss on how to track down what is allowing the uploading/creation of the file. I suspect once the file is there, the hacker/bot/whatever is simply opening the URL for the file, which then causes it to start sending spam using the local mail server.
As a workaround I thought I might have been able to change the public_html folder to read-only, but that broke the website it's running. I also thought I might be able to configure the mail server to dump the emails, as it's using the full domain as the sender address - whilst we send emails from this host, it's from a different domain - but I do not know where to begin for that.
I realise this is unlikely to be WHM's fault, rather the poor coding of the website, but I hope someone here can point me in the right direction to stop this.
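One way to approach the tracing problem described in the post, as an added example that is not part of the original post: correlate the dropped file's creation time with the site's web access log to find the request that most likely wrote it. The Apache "combined" log format is an assumption, and the log lines, IP addresses, the file name `/mailer.php`, the upload path and the timestamps are all constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache "combined" format; IPs, paths and times are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:02:12:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:02:14:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:02:15:30 +0000] "POST /contact/upload.php HTTP/1.1" 200 48 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2024:02:15:33 +0000] "GET /mailer.php HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2024:02:20:00 +0000] "GET /mailer.php?go=1 HTTP/1.1" 200 12 "-" "curl/8.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (ip, time, method, path_without_query, status) per well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when, method, url.split("?", 1)[0], int(status)

def trace_dropped_file(log_text, dropped_path, created_at, window=timedelta(minutes=5)):
    """Return (callers, suspects): who requested the dropped file, and which
    successful POSTs shortly before its creation time could have written it."""
    entries = list(parse(log_text))
    callers = {ip for ip, _, _, path, _ in entries if path == dropped_path}
    suspects = [
        (ip, path, when) for ip, when, method, path, status in entries
        if method == "POST" and status < 400 and path != dropped_path
        and created_at - window <= when <= created_at
    ]
    # POSTs from a client that later called the dropped file rank first.
    suspects.sort(key=lambda s: (s[0] not in callers, s[2]))
    return callers, [(ip, path) for ip, path, _ in suspects]

if __name__ == "__main__":
    # created_at stands in for the file's change time as reported by `stat`.
    created = datetime.strptime("12/Mar/2024:02:15:31 +0000", "%d/%b/%Y:%H:%M:%S %z")
    callers, suspects = trace_dropped_file(SAMPLE_LOG, "/mailer.php", created)
    print("clients that called the dropped file:", sorted(callers))
    for ip, path in suspects:
        print("candidate upload request:", ip, path)
```

The top-ranked candidate is the script to review first; a file written through FTP or a compromised account password would not show up in the web log at all.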