paisley
Hello,
I have a client on my server; he has 1 website with WordPress and also 1 e-mail.
The problem is that I think he is hacked and now the hacker keeps spamming.
I have been searching in the logs:
2014-01-15 23:38:07 1W2hgE-0006td-P1 ** ***@.com <*****@***.com> F=<> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data
2014-01-15 23:38:17 1W2fJE-0005lF-Do Unfrozen by errmsg timer
2014-01-15 23:38:17 1W2fJE-0005lF-Do ** ***@*****.com F=<> R=virtual_aliases:
2014-01-15 23:38:17 1W2fJE-0005lF-Do newname@*****.com: error ignored
2014-01-15 23:38:17 1W2fJE-0005lF-Do Completed
I think he is creating his own e-mail address, but without it showing in DirectAdmin.
I have also updated my Exim to version 4.82.
I have also scanned all his files with ClamAV: no result.
And I installed /.php/mail.log, but it stays empty, so he is not sending via the website, I think (like mail()).
Can somebody help me out?
I also see this in Exim Panic.Log: "User 0 set for local_delivery transport is on the never_users list". What is it?