Subject: Warning: 100 emails have just been sent by kuchingren

seachen

Verified User
Joined
Feb 3, 2007
Messages
497
The kuchingren account has just finished sending 100 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.

After some processing of the /etc/virtual/usage/kuchingren.bytes file, it was found that the highest sender was [email protected], at 101 emails.

The top authenticated user was kuchingren, at 101 emails.
This accounts for 101% of the emails. The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.


The most common path that the messages were sent from is /, at 91 emails (91%).
The path value may only be of use if it's pointing to that of a User's home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.

This warning was generated because the 100 email threshold was hit.

================================
Automated Message Generated by DirectAdmin

may i know how to find out the problem? everyday this account send out a lot of email but the account owner tell me he not use the email service. why like that? is it some script auto spam mail out from his account?
 
Hello,

That's for sure, if you've got either admin access into directadmin (check Exim Mainlog on Log Viewer Page), or root shell access.
Note, as you've that warning some time ago, then the relevant data might be rotated, and in this case you'll definitely to SSH your server with superuser privileges and read Exim MainLog.

P.s. If you need somebody to investigate the issue for you, please feel free to contact us (me as well) privately.
 
Back
Top