castris
Verified User
Hi.
I have a very serious problem where someone remotely is creating a random email account every day in a user account, and after creation, they send spam in groups of 5 emails.
The account is limited, and when the user sees that their email is blocked, they delete the account and create another one.
When I checked the login.log of DirectAdmin, to my surprise, the login is internal. It's the server's IP.
Any ideas?
NOTE: I searched in the user's path for CMD_EMAIL_POP in case there was any injection and they were using the API, but nothing comes up."
Best regards
I have a very serious problem where someone remotely is creating a random email account every day in a user account, and after creation, they send spam in groups of 5 emails.
The account is limited, and when the user sees that their email is blocked, they delete the account and create another one.
When I checked the login.log of DirectAdmin, to my surprise, the login is internal. It's the server's IP.
Any ideas?
NOTE: I searched in the user's path for CMD_EMAIL_POP in case there was any injection and they were using the API, but nothing comes up."
Best regards
