Knowledgebase

Portal Home > Knowledgebase > Articles Database > Server exploited by spammer

Server exploited by spammer

Posted by mstudios, 11-05-2012, 10:08 PM

Hello, We are using cPanel + Centos and Hive (1h.com products), and we are now receiving alert from CSF So we dont know from where this spammer are sending, we have our limit send per hour in 50; and we receive this alert every 5 minutes, how we can know who are making spam and how to stop it? Thanks for help

---

Posted by RRWH, 11-06-2012, 01:33 AM

check the mail log /var/log/exim_mainlog

---

Posted by backupgreen, 11-06-2012, 02:00 AM

Check daily processing log and sort it with CPU and Ram. Then check top resources usage logs and users carefully. Also check the cPanel Mail Queue Manager.

---

Posted by webhostmaniac, 11-06-2012, 04:24 AM

Run exim -bp and get a random message id, Then exim -Mvh Look at the header of the message to find the application sending the email assuming it's a script and not a hacked mail account. stat the offending script to get date information to assist in the aid of researching how it got there and then chmod 0 the script to disable it.

---

Add to Favourites    Print this Article

Duport Online Down (Views: 670)

Nexcess.net (Views: 651)

Nocster down? (Views: 710)

HELP ME! HTML form validate URL exists on submit! (Views: 594)

switching reseller account to new server (Views: 772)