help stop emails
I cannot find what is sending out this email on the server. I have changed the password for the account. There is no such email account on the server for the user. I searched all files withing the account for PHPMailer and none exists. What else?
The account hhcards exists but there are no emails existing for the account.
- Removed -
-
I ran into a support issue once where we tried our hardest to find a PHP Mailer file that was sending strange mails all the time. We ran virus scans with ClamAV that came clean and couldn't find any evidence of a security breach. Come to find out the contact form on the website was being used, and it didn't have a Captcha. Not sure if this would be the same for you, but have you checked this over? I see you don't have a Captcha on the contact form for this website. Not all entries are required on the form, which would explain the missing information for stuff like Phone number in the full header you provided. And I don't think if the form uses PHP Mail() that the email account needs to exist. I think it's worth a look see. - Removed - 0 -
I will work on this. His site is using magento. when I did a scan grepping for PHPMailer I did not find anything in the code referring to PHPMailer. I searched for this because I see PHPMailer in the email header and not PHP Mail so I would not think it was from that form. I will however get that updated. Considering it has PHPMailer in the emails wouldn't that mean it was from PHPMailer somewhere in that account on the server. ( I used grep -ri PHPMailer * from root of that account ) 0 -
cPanelMichael, Thanks. Using the command awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
it lead me to a php script deep within the structure of the magento code in a css folder.0 -
I am happy to see the issue is now resolved. Thank you for updating us with the outcome. 0
Please sign in to leave a comment.
Comments
5 comments