Unsolicited mails sent from my vps server
Hi,
I am new to VPS and trying to set up my server.
For quite some time I have been facing an issue where my server is sending unsolicited emails.
as sender @.com
These email IDs are not registered on my server. I have restricted the outgoing mail volumes as a last resort after trying out all the email security measures, like disabling exim (was desperate to stop), spamd, RBL, etc.
Did someone face this issue, or does someone know what should be done to secure the server?
T&R
PG
Hello, You might need to check the mail queue and try to see if the mails are being sent from a single mail address which might be compromised, or if it's due to any insecure scripts from your
@buyonlineindia, It seems that the account got infected, so try the command below. It will clearly show the mail originator location. Remove the infected files and change the password of the account.
# grep "@.com" /var/log/exim_mainlog
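Added example (not part of the thread, and not cPanel's own tooling): the exim_mainlog check suggested above, extended to tally the directories from which local scripts handed mail to Exim, so the sending script's location stands out. It assumes the log contains cwd= lines (Exim's +arguments log selector) and directory names without spaces; the sample lines and the exampleuser account are constructed.

```sh
#!/bin/sh
# Tally the working directories recorded in Exim's main log for locally
# submitted mail. A web script that sends spam shows up as one directory
# with a disproportionate count.

mail_cwd_tally() {
    log="${1:-/var/log/exim_mainlog}"
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^cwd=/) {
                    dir = substr($i, 5)          # strip the "cwd=" prefix
                    # Ignore the daemon start and Exim queue runners.
                    if (dir == "/" || dir ~ /^\/var\/spool\/exim/) next
                    count[dir]++
                    next
                }
            }
        }
        END { for (d in count) printf "%d %s\n", count[d], d }
    ' "$log" | sort -k1,1nr -k2          # busiest directory first
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
cat <<'EOF'
2024-01-10 03:12:01 cwd=/home/exampleuser/public_html/libraries/joomla/filter 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:12:02 cwd=/home/exampleuser/public_html/libraries/joomla/filter 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:12:03 cwd=/home/exampleuser/public_html/libraries/joomla/filter 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:15:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-01-10 03:20:11 cwd=/home/exampleuser/public_html 3 args: /usr/sbin/sendmail -t -i
2024-01-10 03:30:00 cwd=/ 2 args: /usr/sbin/exim -bd
EOF
}

# With a log path as argument, analyse it; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    mail_cwd_tally "$1"
else
    tmp=$(mktemp)
    sample_log > "$tmp"
    mail_cwd_tally "$tmp"
    rm -f "$tmp"
fi
```

Directories that top the list but hold no legitimate mail-sending code are the ones to inspect for uploaded scripts.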
Hello :) Check the account associated with that username for scripts with the ability to send out email. It's possible the user has uploaded a script for sending email and it's being used to send out SPAM. Thank you.
Hello, Thanks for the responses, I found the originator script and deleted it. Now it looks fine as I don't see any unsolicited mails sent in the report and queue. Thanks to all and especially @mageshm Regards
Hi All, the problem was only temporarily removed; the mail sending started again. I removed the file after changing all the passwords. The file db.php had some cryptic text and after removing the file there were no unsolicited mails sent. But after 10-15 days the server creates the file again at public_html/libraries/joomla/filter and starts sending mails. Any help would be appreciated. T&R
The Security Advisor option in WHM (Home >> Security Center >> Security Advisor) is a good place to start when attempting to secure your server. This feature runs a security scan on your cPanel & WHM server and advises you how to resolve any security issues found. You may also want to review the domain access logs or the Apache access log for the time period it occurred to see if you can find additional details about how the account was exploited. Thank you.