Possible Script mail spammer on my website

AntaquaDiving (New member, joined Sep 20, 2019, 2 messages)

I will probably not be the first or last who will post this issue.

I received the e-mail below.

What I have already tried:
- add some plugins to encrypt email addresses that are on the website
- already using a contact form
- checked my website for unprotected email addresses
- checked the "mail usage" and indeed it is exploding....

I already googled this issue, but as I'm not very familiar with possible next steps I need some help:
- How to detect if there is a script sending emails
- How to prevent this
- ...
If possible in very simple steps and language :)

I use the front end of DirectAdmin to manage my websites, so I don't know how to run scripts etc.

Any help is appreciated


The email:


The xxxxxx account has just finished sending 1000 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.

After some processing of the /etc/virtual/usage/xxxxxx .bytes file, it was found that the highest sender was [email protected], at 5781 emails.

The top authenticated user was xxxxxx , at 6221 emails.
This accounts for 622% of the emails. The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.


The most common path that the messages were sent from is /home/xxxxxx /domains/xxxxxx .net/public_html, at 802 emails (80%).
The path value may only be of use if it's pointing to that of a User's home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.

The top sending script was /home/xxxxxx /domains/xxxxxx .net/public_html/wp-includes/class-phpmailer.php:698, at 292 emails, (29%).



This warning was generated because the 1000 email threshold was hit.

================================
Automated Message Generated by DirectAdmin 1.58.2
 
The first link I also found, but it is too technical: no explanation of where you need to run those scripts and how I can do that, because the only thing I can access is the front end of DirectAdmin :-(
 
There is not much you can do in the Web UI to address the issue:

1. read mail logs at admin level...
2. read web-server logs at user level


You have two options with DirectAdmin:

- become an admin and start learning SSH (How to use SSH)
- or hire an admin.
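
One way to act on the "read web-server logs at user level" advice, as an added example that is not part of the thread: save the domain's access log to a file and tally POST requests per path and client IP, since a script that sends mail is normally triggered by POSTs. It assumes the Apache "combined" log format; the function name, the `/contact/` path and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed format: Apache/Nginx "combined" access log.
# Captures client IP, HTTP method and request URI; the status code anchors the match.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" \d{3} '
)

def post_hotspots(lines, min_hits=3):
    """Return (path, ip, count) for POST targets hit at least min_hits times.

    A path that receives far more POSTs than the rest, especially from a
    few addresses, is the first place to look for the mail-sending trigger.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue  # skip GETs and lines that do not parse
        path = m.group("uri").split("?", 1)[0]  # group by path, ignore query string
        hits[(path, m.group("ip"))] += 1
    return [(p, ip, n) for (p, ip), n in hits.most_common() if n >= min_hits]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Sep/2019:10:00:01 +0200] "POST /contact/ HTTP/1.1" 200 58 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Sep/2019:10:00:02 +0200] "POST /contact/ HTTP/1.1" 200 58 "-" "Mozilla/5.0"
198.51.100.20 - - [20/Sep/2019:10:00:03 +0200] "GET /contact/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Sep/2019:10:00:04 +0200] "POST /contact/?a=1 HTTP/1.1" 200 58 "-" "Mozilla/5.0"
198.51.100.20 - - [20/Sep/2019:10:00:05 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is truncated and will be skipped
203.0.113.7 - - [20/Sep/2019:10:00:06 +0200] "POST /contact/ HTTP/1.1" 200 58 "-" "Mozilla/5.0"
192.0.2.55 - - [20/Sep/2019:10:00:07 +0200] "POST /contact/ HTTP/1.1" 200 58 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    # To check a real log, replace SAMPLE_LOG with open("access.log") (hypothetical file name).
    for path, ip, n in post_hotspots(SAMPLE_LOG):
        print(f"{n:5d} POSTs  {ip:15s}  {path}")
```

Comparing the busiest path and its timestamps with the times in the mail usage report shows whether a form on the site is what drives the sending.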
 