Hello,
Today I see this info in DirectAdmin, but I don't send any email :/ I changed the password, updated the application, etc., and found an IP from China that modified core.
Is this a bot? What more can I do? Thanks for the help.
The admin account has just finished sending 1000 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.
After some processing of the /etc/virtual/usage/admin.bytes file, it was found that the highest sender was [email protected], at 1105 emails.
The top authenticated user was admin, at 1105 emails.
This accounts for 110% of the emails. The higher the value, the more likely this is the source of the emails.
An authenticated username is the user and password value used at smtp time to authenticate with exim for delivery.
The most common path that the messages were sent from is /home/admin/domains/demo.xxxx/public_html/xxx, at 1000 emails (100%).
The path value may only be of use if it's pointing to that of a User's home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.
The top sending script was /home/admin/domains/demo.xxx/public_html/xxx/libraries/vendor/phpmailer/phpmailer/class.phpmailer.php:689, at 992 emails, (99%).
Because the bulk of the emails have been sent by the script, please check it to confirm it has not been compromised.
This warning was generated because the 1000 email threshold was hit.