The Community Forums

WebSite Send SPAM Emails

Discussion in 'Security' started by dicataldi, Jul 30, 2014.

  1. dicataldi

    dicataldi Registered

    Good afternoon,

    I have 1 server and everything's working OK; however, for some reason 1 site belonging to a client of mine is sending several SPAM emails improperly without even having an email account created.

    I believe he uses the privilege to localhost. How do I block it? Can someone tell me?


    Thank you!
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you elaborate on this? What do you see in the message headers regarding how the message was sent?

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    The e-mail is most likely being sent from a malicious .php script on that domain. It's very common for spam mailing scripts to spoof "from" addresses as names which don't exist as e-mail accounts on the compromised domain name.

    You should be able to find the process or files with "ps faux" (looking for processes owned by that user's domain), or with a clamscan or maldet scan of that public_html.
     
  4. matthers

    matthers Member

    I have seen cases of spam emails being sent through the default email account (cPanel username), via webmail (127.0.0.1), the behavior resembling the one mentioned above.
    I would recommend changing the cPanel account password.
     
  5. quizknows

    quizknows Well-Known Member

    Yeah that can happen too.

    Headers, or exim_mainlog entries, would help a lot here.
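
The two explanations raised in this thread (a PHP script handing mail to sendmail, or authenticated sending through webmail) can be told apart from exim_mainlog. The following is an added example, not posted by any participant: it assumes Exim's log_selector includes +arguments so that cwd= lines are written and that accounts live under /home; the function names and sample log lines are constructed for illustration.

```shell
# Added example (not from the thread). Sample log lines are constructed.
# Assumes Exim writes "cwd=" lines (log_selector +arguments) and accounts live under /home.

# Tally likely spam origins in an Exim main log:
#   script <count> <dir>    mail handed to sendmail by a process running in <dir>
#   auth   <count> <login>  mail submitted over authenticated SMTP as <login>
# Typical call on a cPanel server: spam_sources /var/log/exim_mainlog
spam_sources() {
    awk '
    {
        arrival = 0
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^cwd=\/home\//) { script[substr($i, 5)]++; next }
            if ($i == "<=") arrival = 1
            if ($i ~ /^T="/) break   # logged subject is sender-controlled: stop parsing
            if (arrival && $i ~ /^A=/) { split($i, a, ":"); auth[a[2]]++ }
        }
    }
    END {
        for (d in script) printf "script %d %s\n", script[d], d
        for (u in auth)   printf "auth %d %s\n", auth[u], u
    }' "$1" | sort -k1,1 -k2,2nr
}

# Constructed sample: three script-sent messages from one directory, one from
# another, two webmail-authenticated messages, and one system cwd line to ignore.
write_sample_log() {
    cat > "$1" <<'EOF'
2014-07-30 14:02:11 cwd=/home/client1/public_html/uploads 3 args: /usr/sbin/sendmail -t -i
2014-07-30 14:02:11 1XCaaa-0001Ab-2C <= nobody@example.com U=client1 P=local S=1204 T="Re: A=foo:bar test"
2014-07-30 14:02:12 cwd=/home/client1/public_html/uploads 3 args: /usr/sbin/sendmail -t -i
2014-07-30 14:02:13 cwd=/home/client1/public_html/uploads 3 args: /usr/sbin/sendmail -t -i
2014-07-30 14:03:40 cwd=/home/client1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2014-07-30 14:05:00 1XCaab-0001Ac-3D <= client1@example.com H=localhost (127.0.0.1) [127.0.0.1] P=esmtpa A=dovecot_login:client1 S=2345
2014-07-30 14:05:09 1XCaac-0001Ad-4E <= client1@example.com H=localhost (127.0.0.1) [127.0.0.1] P=esmtpa A=dovecot_login:client1 S=2301
2014-07-30 14:05:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1XCaac-0001Ad-4E
EOF
}
```

A directory that dominates the "script" rows is where a clamscan or maldet scan should start; a login that dominates the "auth" rows points to a compromised password instead.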
     