hacked email server
Hello, it seems that the email server was hacked. I can't send or receive emails on all domains, so I went to see what is happening in my log files, and I can see activity in the exim_mainlog that I do not recognize. The file is also growing every minute, although there is no activity from my domains.
I reset my WHM password and added two-factor authentication with no issue, logging out and in again. I also changed the cPanel user password, but when trying to add two-factor authentication in cPanel, the app reads the QR code but I can't approve the app; I am getting the error "Failed to set user configuration: The security code is invalid."
What are my options?
Thank you
Hi, can you please share your mail server logs? HostNoc
Thank you for your reply. Sir, there is a lot of data in the files. Is there a private option to share?
Can you please put the file on WeTransfer and share the URL? Are you sure your mail server is hacked, or is your server being compromised?
I think compromised -
I think compromised - develop@wordwpressplugins.com]

At least put a password of at least 30 characters. You have to immediately limit the options of:
- Login
- Send mail
- You should only allow the reception of emails

Additionally, modify the cPanel account settings and limit the sending of mail to at least 100 per hour, or depending on the client's usage, in order to immediately block sending for the account if the mail is compromised again.

It is very important to verify how the account was compromised. Scan the computer where the account is consulted with at least 2 antivirus and 1 antimalware tools. If the computer is not the infected one, it may have been due to a weak password, for example user1234.

Another option is that some of the WordPress websites stored in the account have been compromised and they are sending through one of them. In order to know if it is this option, the ideal would be to be able to read the full headers of any one of the mails sent.

This was my contribution; I hope it has been helpful to you.
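The two causes raised in the reply above (a stolen mailbox password, or a script in a compromised site sending mail) can also be told apart from the exim_mainlog mentioned in the original post. The following is an added example, not code from any poster in this thread: it counts script submissions by working directory and authenticated SMTP submissions by login and client IP. It assumes Exim writes `cwd=` lines (argument logging enabled) and `A=` authenticator fields; `summarize` is a hypothetical helper name and the sample log lines are constructed.

```python
import re
import sys
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2024-03-01 10:00:01 cwd=/home/acct1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-03-01 10:00:01 1rfAAA-0001aB-0x <= acct1@host.example.com U=acct1 P=local S=1432
2024-03-01 10:00:02 cwd=/home/acct1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-03-01 10:00:02 1rfAAB-0001aC-1y <= acct1@host.example.com U=acct1 P=local S=1440
2024-03-01 10:00:07 1rfAAC-0001aD-2z <= info@example.com H=(pc) [203.0.113.5]:51234 P=esmtpa A=dovecot_login:info@example.com S=2210
2024-03-01 10:00:09 1rfAAC-0001aD-2z => someone@example.net R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.net [198.51.100.7]
2024-03-01 10:00:11 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1rfAAC-0001aD-2z
"""

# Mail handed to Exim by a process running under an account's home directory.
CWD = re.compile(r"\bcwd=(/home/\S+)")
# Message accepted over authenticated SMTP: capture client IP and login name.
AUTH = re.compile(r" <= \S+ .*?\[([0-9A-Fa-f:.]+)\].*?\bA=\w+:(\S+)")


def summarize(lines):
    """Return (script_dirs, logins, login_ips) counted from Exim log lines."""
    script_dirs, logins = Counter(), Counter()
    login_ips = defaultdict(set)
    for line in lines:
        m = CWD.search(line)
        if m:
            script_dirs[m.group(1)] += 1
            continue
        m = AUTH.search(line)
        if m:
            ip, login = m.groups()
            logins[login] += 1
            login_ips[login].add(ip)
    return script_dirs, logins, login_ips


if __name__ == "__main__":
    # Pass a log path as the first argument; without one the sample is used.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    script_dirs, logins, login_ips = summarize(src)
    print("Mail submitted by scripts, by working directory:")
    for path, n in script_dirs.most_common(10):
        print(f"  {n:6d}  {path}")
    print("Mail submitted over authenticated SMTP, by login:")
    for login, n in logins.most_common(10):
        print(f"  {n:6d}  {login}  from {len(login_ips[login])} IP(s)")
```

A directory under a site's document root with a high count points to a script in that site; a single login with a high count from many client IPs points to a stolen mailbox password.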
Hello, after trying several things to solve the issue I decided to reinstall the system. I installed CloudLinux with cPanel... My question is whether there is an article you can refer me to for more configuration and for servers with more security? Thank you