I have 1 server and everything's working OK; however, for some reason 1 site belonging to a client of mine is sending several spam emails improperly, without even having an email account created.
I believe he uses the privilege to localhost. How do I block this? Can someone tell me?
The e-mail is most likely being sent from a malicious .php script on that domain. It's very common for spam mailing scripts to spoof "from" addresses as names which don't exist as e-mail accounts on the compromised domain name.
You should be able to find the process or files with "ps faux" (looking for processes owned by that user's domain), or with a clamscan or maldet scan of that public_html.
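As an added example (not part of the original posts), one way to narrow "ps faux" output to the affected account's script and mailer processes. The account name `client1`, the paths, the sample capture and the list of interpreter names are constructed assumptions.

```shell
# Filter `ps aux` / `ps faux` output for one account's interpreter and mailer processes.
# Reads ps output on stdin, so it works on a saved capture as well as live.
suspect_procs() {
    # $1 = account name; $2 = optional numeric UID.
    # ps prints the UID, or a name cut short with "+", when the name is too wide.
    awk -v user="$1" -v uid="${2:-}" '
        NR == 1 && $1 == "USER" { next }   # skip the header row
        {
            owner = $1
            trunc = (owner ~ /\+$/) ? substr(owner, 1, length(owner) - 1) : ""
            # a truncated name can also match other accounts sharing the prefix
            mine = (owner == user) || (uid != "" && owner == uid) ||
                   (trunc != "" && index(user, trunc) == 1)
            if (!mine) next
            cmd = ""
            for (i = 11; i <= NF; i++) cmd = cmd (cmd == "" ? "" : " ") $i
            # assumed list: interpreters and mailer binaries worth a closer look
            if (cmd ~ /(php|perl|python|sendmail|exim)/) print $2 "\t" cmd
        }'
}

# Constructed sample capture (not from a real server)
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  19232  1500 ?        Ss   Jan01   0:01 /sbin/init
client1   4242 35.0  1.2 250000 24000 ?        R    10:02   3:11 /usr/bin/php /home/client1/public_html/cache/x.php
client1   4250  0.5  0.1  60000  3000 ?        S    10:02   0:00  \_ /usr/sbin/sendmail -t -i
other1    5000  0.1  0.5 200000 12000 ?        S    09:00   0:02 /usr/bin/php /home/other1/public_html/index.php
client1   5100  0.0  0.1  11000  1500 pts/0    Ss   09:30   0:00 -bash
EOF
}
```

On a live server the same filter runs as `ps faux | suspect_procs client1`; the script paths it prints are the files to inspect and to cover with the clamscan or maldet scan.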
I have seen cases of spam emails being sent through the default email account (cPanel username), via webmail (127.0.0.1), the behavior resembling the one mentioned above.
I would recommend changing the cPanel account password.