WebSite Send SPAM Emails

dicataldi

• July 30, 2014 11:54

Good afternoon, I'm with 1 server and everything's working OK, however for some reason 1 site for a client of mine is shooting several SPAM emails improperly without even owning account email created. I believe he use the privilege to localhost, how do I block someone that can tell me? Thank you! .vB

• 

  cPanelMichael

  • July 31, 2014 12:56

  [quote="dicataldi, post: 1698132">I believe he use the privilege to localhost, how do I block someone that can tell me?
  Hello :) Could you elaborate on this? What do you see in the message headers regarding how the message was sent? Thank you.

  0
• 

  quizknows

  • July 31, 2014 20:14

  The e-mail is most likely being sent from a malicious .php script on that domain. It's very common for spam mailing scripts to spoof "from" addresses as names which don't exist as e-mail accounts on the compromised domain name. You should be able to find the process or files with "ps faux" (looking for processes owned by that users domain), or with a clamscan or maldet scan of that public_html.

  0
• 

  matthers

  • July 31, 2014 20:20

  I have seen cases of spam emails being sent through the default email account(cpanel username), via webmail(127.0.0.1), the behavior resembling the one mentioned above. I would recommend changing the cPanel account password.

  0
• 

  quizknows

  • July 31, 2014 20:25

  [quote="matthers, post: 1699341">I have seen cases of spam emails being sent through the default email account(cpanel username), via webmail(127.0.0.1), the behavior resembling the one mentioned above. I would recommend changing the cPanel account password.
  Yeah that can happen too. Headers, or exim_mainlog entries, would help a lot here.

  0

Please sign in to leave a comment.