AntaquaDiving
New member
- Joined: Sep 20, 2019
- Messages: 2
I will probably not be the first or last who will post this issue.
I received the e-mail below.
What did I already try:
- add some plugins to encrypt email addresses that are on the website
- already using a contact form
- checked my website for unprotected email addresses
- checked the "mail usage" and indeed it is exploding....
I googled already for this issue, but as I'm not very familiar with possible next steps I need some help.
- How to detect if there is a script sending emails
- How to prevent this
- ...
If possible in very simple steps and language.
I use the front end of DirectAdmin to manage my websites, so I don't know how to run scripts etc.
Any help is appreciated.
The email:
The xxxxxx account has just finished sending 1000 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.
After some processing of the /etc/virtual/usage/xxxxxx .bytes file, it was found that the highest sender was [email protected], at 5781 emails.
The top authenticated user was xxxxxx , at 6221 emails.
This accounts for 622% of the emails. The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.
The most common path that the messages were sent from is /home/xxxxxx /domains/xxxxxx .net/public_html, at 802 emails (80%).
The path value may only be of use if it's pointing to that of a User's home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.
The top sending script was /home/xxxxxx /domains/xxxxxx .net/public_html/wp-includes/class-phpmailer.php:698, at 292 emails, (29%).
This warning was generated because the 1000 email threshold was hit.
================================
Automated Message Generated by DirectAdmin 1.58.2
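For the first question in the post above (finding which script is sending mail), here is an added example that is not part of the original post or of DirectAdmin. It tallies the `cwd=` lines Exim writes to its main log when the `arguments` log selector is enabled, and applies the notice's own rule that a path inside a user's home directory points at a script while a system path points at SMTP. The log lines, paths and function names are constructed for illustration, and user homes are assumed to live under `/home/` as in the notice.

```python
import re
from collections import Counter

# Constructed sample of an Exim main log (not taken from the post).
# "cwd=" lines record the working directory Exim was invoked from.
SAMPLE_MAINLOG = """\
2019-09-20 10:00:01 cwd=/home/exampleuser/domains/example.net/public_html 3 args: /usr/sbin/sendmail -t -i
2019-09-20 10:00:01 1iBxyz-0001ab-Cd <= exampleuser@example.net U=exampleuser P=local S=1024
2019-09-20 10:00:02 cwd=/home/exampleuser/domains/example.net/public_html 3 args: /usr/sbin/sendmail -t -i
2019-09-20 10:00:03 cwd=/home/exampleuser/domains/example.net/public_html 3 args: /usr/sbin/sendmail -t -i
2019-09-20 10:00:04 cwd=/home/exampleuser/domains/example.net/public_html/wp-admin 3 args: /usr/sbin/sendmail -t -i
2019-09-20 10:00:05 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1iBxyz-0001ab-Cd
"""

# date, time, cwd=<path>, argument count, "args:", command line
CWD_RE = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: (.*)$")


def tally_cwd(log_text):
    """Count how many times Exim was invoked from each working directory."""
    counts = Counter()
    for line in log_text.splitlines():
        match = CWD_RE.match(line)
        if match:  # delivery and reception lines carry no cwd= and are skipped
            counts[match.group(1)] += 1
    return counts


def classify(path, home_root="/home/"):
    """Apply the notice's rule: home directory means script, else SMTP."""
    if path.startswith(home_root):
        return "script in user directory"
    return "system path (likely SMTP)"


def triage(log_text):
    """Return (path, count, percent, verdict) rows, busiest path first."""
    counts = tally_cwd(log_text)
    total = sum(counts.values())
    return [
        (path, n, round(100 * n / total), classify(path))
        for path, n in counts.most_common()
    ]


if __name__ == "__main__":
    for path, n, pct, verdict in triage(SAMPLE_MAINLOG):
        print(f"{n:5d} {pct:3d}%  {verdict:26s} {path}")
```

A directory under `public_html` that dominates the tally is where to look for the sending script; the `script:line` value in the DirectAdmin notice narrows it further.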