who sent these messages

F

FileSick

Verified User
Joined
Oct 5, 2013
Messages
104
hi everyone

i just received these two messages and both of them got the same title and content so could you please help me out and tell me what happened and how to stop that

Title : Warning: 1844 emails have been sent yesterday by admin

body :

There have been 1844 outgoing emails yesterday from the admin User account.
There could be a spammer, the account could be compromised, or just sending more emails than usual.

This warning was generated because the 1000 email threshold was passed.



so could you please tell me who sent all of these am i hacked ?

please help me
 
One of your sites are probably hacked. You would have to look at the mail logs in /var/log/exim/mainlog, but if it says admin you already know who the user is.
 
FileSick said:
so could you please tell me who sent all of these am i hacked ?
Click to expand...

Not necessary that you were hacked. But that might be a reason.

If you have sites on admin account, then it might be bots which constantly opens new accounts on your sites/forums, so those emails might be welcome emails, or bots might add comments to your articles and in this case those emails might be notifications on them.

Anyway as scsi has already said, you should read exim logs or check it in directadmin and learn who sends emails.
 
thank you so much for both of you

i am the only user but i think it's because of these emails i'm recieving from the firewall i'm getting tons of it every second

http://i.imgur.com/wMkxKdl.png

but i just opened one of these messages and it's says "Suspicious process running under user nobody" but there is no such user i just checked all he users on my server and it's only one user admin so what do you think ?

waiting for your respond
 
Those are just emails from your lfd daemon which is built into your csf firewall to let you know when things are going on. You basically need to tweak your configs more to stop these emails. Normally adding processes or users you know are safe to /etc/csf/csf.pignore. You should have someone help you configure it properly though if you do not know what you are doing.
 
thank you so much for your time and help i really can't thank you enough

so just to be sure these messages i am getting from lfd is the reason why i'm getting the "Title : Warning: 1844 emails have been sent yesterday by admin" message ?


waiting for your respond
 
It is possible that they are all from your lfd daemon. You would have to look at the /var/log/exim/mainlog to verify though. You could look iin /etc/csf/csf.conf and see if you have [email protected] set to LF_ALERT_FROM too.
 
You must log in or register to reply here.
Back
Top