Compromised email account
Hello Guys...
My server is sending some (actually quite a lot!) emails that I don't recognize, from one of my registered email accounts.
Then, when I checked the exim_mainlog I found this:
2016-09-18 03:40:07 1blMP8-00063g-T2 => rud*to R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 vZcACiaq3Vf4WQAAvfAJDw Saved"
Just FYI, when I checked in WHM, all the emails are sent successfully. And it sends the email with one of my registered email accounts (rud*to@prot*sindo.com), not another email outside my domain. So there are some questions I want to ask:
1. What does dovecot_virtual_delivery mean?
2. Is it possible that somebody has successfully cracked the email account password?
3. Should I change the email account password?
> Should I change the email account password?
If your email account sends out a single email to anyone and it wasn't you that sent it? Yes, you should change your email password.
> If your email account sends out a single email to anyone and it wasn't you that sent it? Yes, you should change your email password.
Yes you're right. That email account has been cracked by someone and he/she has changed the password so I cannot use that email. Fortunately in cPanel I can easily change the password. After that, my server stopped sending the spam. Thanks Infopro! :)
Probably also need to figure out how they compromised the email account's password in the first place. Because if you haven't fixed that, then simply changing the password is just going to be a temporary fix. They will likely use whatever method they used to initially crack the password to crack the new password.
> Probably also need to figure out how they compromised the email account's password in the first place. Because if you haven't fixed that, then simply changing the password is just going to be a temporary fix. They will likely use whatever method they used to initially crack the password to crack the new password.
Hmmm... Yeah you're right. But I think they're using a brute force attack. Because as I remember, the password for that email account is very very easy. No number and no special character. Only word! It's because the user of that email account is quite old (about 50yo) and he always wants an easy password. Fuh!
> Hmmm... Yeah you're right. But I think they're using a brute force attack. Because as I remember, the password for that email account is very very easy. No number and no special character. Only word! It's because the user of that email account is quite old (about 50yo) and he always wants an easy password. Fuh!
Consider fully utilizing cPHulk, Password Strength Enforcement and potentially look at external cPanel plugins for firewalls too.
> user of that email account is quite old (about 50yo)
OMG - there is NO hope for us - I had better start planning my funeral :( and as for Infopro .........:eek:
> Consider fully utilizing cPHulk, Password Strength Enforcement and potentially look at external cPanel plugins for firewalls too.
Sorry for the late reply... Yeah.. I've activated it now.. And I'm using APF firewall... Anyway, thanks for your suggestion... :D
> OMG - there is NO hope for us - I had better start planning my funeral :( and as for Infopro .........:eek:
Hahahahahahaha.. :p
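A way to check exim_mainlog for which authenticated login is submitting mail and from which source addresses, alongside local deliveries like the `T=dovecot_virtual_delivery` line in the first post (an added example, not written by anyone in this thread). The log lines are constructed, the `A=dovecot_login:` field is assumed to be logged as cPanel's Exim normally writes it, and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main-log format (addresses and IPs are documentation values).
SAMPLE_LOG = """\
2016-09-18 03:39:58 1blMP0-00063a-AA <= user1@example.com H=(pc) [203.0.113.7]:50112 P=esmtpsa A=dovecot_login:user1@example.com S=2110 for a@example.net
2016-09-18 03:40:01 1blMP3-00063c-BB <= user1@example.com H=(pc) [198.51.100.23]:41877 P=esmtpsa A=dovecot_login:user1@example.com S=2098 for b@example.net
2016-09-18 03:40:03 1blMP5-00063e-CC <= user1@example.com H=(pc) [198.51.100.23]:41902 P=esmtpsa A=dovecot_login:user1@example.com S=2104 for c@example.org
2016-09-18 03:40:05 1blMP7-00063f-DD <= user2@example.com H=(laptop) [192.0.2.10]:60001 P=esmtpsa A=dovecot_plain:user2@example.com S=900 for d@example.net
2016-09-18 03:40:07 1blMP8-00063g-T2 => user1 R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 Saved"
"""

# "<=" marks a message accepted by Exim; A=<driver>:<login> appears only for authenticated SMTP.
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= \S+ .*?\[(?P<ip>[0-9a-fA-F.:]+)\].*? A=\w+:(?P<login>\S+)")
# "=>" with T=dovecot_virtual_delivery is a delivery into a local mailbox, not an outgoing message.
LOCAL = re.compile(r"^\S+ \S+ \S+ => (?P<rcpt>\S+) .*\bT=dovecot_virtual_delivery\b")

def summarize(log_text):
    """Return (messages and source IPs per authenticated login, local deliveries per mailbox)."""
    sent = defaultdict(lambda: {"count": 0, "ips": set()})
    local = defaultdict(int)
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            sent[m["login"]]["count"] += 1
            sent[m["login"]]["ips"].add(m["ip"])
            continue
        m = LOCAL.match(line)
        if m:
            local[m["rcpt"]] += 1
    return dict(sent), dict(local)

def suspects(sent, max_msgs=2, max_ips=1):
    """Logins exceeding either threshold; values are illustrative, tune per server."""
    return sorted(u for u, s in sent.items() if s["count"] > max_msgs or len(s["ips"]) > max_ips)

if __name__ == "__main__":
    sent, local = summarize(SAMPLE_LOG)
    for user, s in sent.items():
        print(user, s["count"], sorted(s["ips"]))
    print("local deliveries:", local, "suspects:", suspects(sent))
```

To run it against a real log, pass the file's contents to `summarize()` in place of `SAMPLE_LOG`.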