Portal Home > Knowledgebase > Articles Database > Server exploited by spammer
Server exploited by spammer
Posted by mstudios, 11-05-2012, 10:08 PM |
Hello,
We are using cPanel + Centos and Hive (1h.com products), and we are now receiving alert from CSF
So we dont know from where this spammer are sending, we have our limit send per hour in 50; and we receive this alert every 5 minutes, how we can know who are making spam and how to stop it?
Thanks for help
|
Posted by RRWH, 11-06-2012, 01:33 AM |
check the mail log /var/log/exim_mainlog
|
Posted by backupgreen, 11-06-2012, 02:00 AM |
Check daily processing log and sort it with CPU and Ram.
Then check top resources usage logs and users carefully.
Also check the cPanel Mail Queue Manager.
|
Posted by webhostmaniac, 11-06-2012, 04:24 AM |
Run exim -bp and get a random message id,
Then exim -Mvh
Look at the header of the message to find the application sending the email assuming it's a script and not a hacked mail account.
stat the offending script to get date information to assist in the aid of researching how it got there and then chmod 0 the script to disable it.
|
Add to Favourites Print this Article
Also Read
Nexcess.net (Views: 651)
Nocster down? (Views: 710)