Cpanel Linux Email Breach

Apr 18, 2008

I dont know how but the passwords keeps getting changed on the emails on my cpanel. Its no one who has acess and no files are being delted to the problem is only with the email.

View 6 Replies


Security Breach Cpanel

Oct 1, 2006

somewhere on my cpanel server a script has been able to be used by a spammer and im now getting tonnes of returned mails from aol etc. 1000's are coming in every hour.

I think i have found the culprit, but i can't be sure. how can i find out for sure which script this was? the email headers dont even show the user from what i can see!

View 6 Replies View Related

Possible Server Breach

Nov 5, 2009

We have found (thanks to CSF warning us) in /tmp 4 suspicious files. One is a perl script (probably a backdoor) and the other 3 files are binaries. They were probably uploaded by some vulnerability a customer's website (now suspended) because they are under his ownership.

The server seems ok, nothing out of the ordinary (the root logins are disabled, we su - from another account).

We have run rkhuner and chkrootkit (fresh installs) and found nothing.

One of the binaries contained this (retrieved with strings): chown root:root /tmp/suid; chmod +s /tmp/suid (suid being one of the other binaries). This /tmp/suid has no suid set and is not under root ownership:

-rw-r--r-- 1 user user 759 Jan 25 2008
-rwxr-xr-x 1 user user 2404 Nov 4 22:10*
-rwxr-xr-x 1 user user 4945 Nov 4 22:10 suid*
-rwxr-xr-x 1 user user 6209 Nov 4 22:10 udev* seems to be from January but it's apparently fake:

# stat
File: `'
Size: 759 Blocks: 8 IO Block: 4096 regular file
Device: 901h/2305d Inode: 62820496 Links: 1
Access: (0644/-rw-r--r--) Uid: (userid/username) Gid: (userid/username)
Access: 2009-11-05 13:52:37.000000000 +0100
Modify: 2008-01-25 19:49:43.000000000 +0100
Change: 2009-11-05 13:55:41.000000000 +0100

I hope all this means that the command was either not successful or it didn't run in the first place.

The kernel is: 2.6.18-128.1.6.el5PAE
Control Panel: cPanel

View 7 Replies View Related

Security Breach At Steadfast

Jun 17, 2008

I got an email saying that there was a security breach at steadfast. At the same time I got an email saying that my account was suspended because I am sending spam from one of my domains. I NEVER SEND SPAM. I opened a support ticket and they apologized saying it's not my fault and they restored my account. Apparently spam was sent by a php script but they don't want to give me details. The next day they suspended my account again on the same reason.

View 13 Replies View Related

Security Breach On A Server

Dec 17, 2007

I found a random proxy site running out of /var/www/temp. It seems to have been created yesterday, and I found about it via a DMCA notice from the planet. Is this apache's temporary directory? There was even an entry for it in the apache configuration and was running as a perl script out of its own cgi bin. I killed it and chmod'd it to 0. In the future, would setting permissions on this directory to non executable prove to be effective? Any idea if this type of breach is serious enough to warrant an OS reinstall?

View 9 Replies View Related

Server Breach - One Time Admin

Mar 4, 2008

we have a server that was breeched and is being used to send ddos attacks to another website and we need to stop it permanently and secure our server to avoid it from happening again.

My tech has already been able to track down the bot/script that was sending it and seemed to stop it for about a week, but they have gained access to the server again.

He is not an expert at security issues so I'm looking to hire someone for a one time job to correct this issue.

Can someone offer me some referrals of someone to take care of this. Please do not recommend Rack911 as I waited nearly a week for their assistance and had no luck.

View 6 Replies View Related

WHMCS Breach - Some 3.5.1 Downloads Were Compromised

Jan 8, 2008

I just received a fairly scary WHMCS notice, you can view the details here:

<<please don't paste the file names, there are accounts that may have these on them>>

What are your thoughts on the entire situation? Personally, I'm a tad fearful (luckily, I hadn't upgraded to the next version yet as I was letting the other users play beta-testers) given the fact that there wasn't any versioning / modification 'notification' system in place on their end.

I'm fearing further updates. In essence, my concern is that the WHMCS development team isn't entirely certain how they were backdoored or to what scale they were backdoored.

Are their own billing systems & servers hosted in the same environment, were our billing details also released? etc. I want to know the scale of the attack.

View 14 Replies View Related

The Planet Warns Of Security Breach

Oct 16, 2008

I got this email earlier today, surprised to see there isn't already a 10-page thread about it. Did anyone else get this from The Planet?

In the course of the last two days, our Computer Security Incident Response Center team has identified suspicious activity in our customer management portal. Through their vigorous investigation, we have identified what appears to be a security breach that may have affected your customer portal account and server passwords. We have identified the methods by which the systems were compromised and have closed those holes. In addition to those actions, we will be implementing additional security measures to further strengthen the infrastructure and systems.

We are taking this action to alert you to this potential malicious activity. At this juncture, we are aware of only two incidents whereby log-in and server passwords were accessed. Based upon our security review of access logs, we do not believe any credit card information was compromised. We have contacted the authorities and are working with them to identify the perpetrator and to pursue appropriate legal action.

We are taking a proactive approach by contacting you directly, which we believe is the best course of action. We strongly suggest you implement a security best-practices approach by immediately taking four steps to mitigate risk:

1) Change your Orbit log-in passwords immediately and do so again every 60 days.

2) Change your server passwords and do so again every 60 days.

3) Be alert to any suspicious activity on your account.

4) If you suspect any unusual activity, please retain your access logs along with

View 11 Replies View Related

Plesk 12.x / Linux :: Not Able To Send Email To Another Email On Same VPS With External MX Record

May 28, 2015

I'm having difficulty sending an email to another email address (with a different domain) which is on the same VPS.The trouble is, on the other domain's VPS control panel, within the DNS settings, the MX records have been pointed externally (to an exchange server). Their email is turned off. But bizarrely, their mailbox is full.

It seems as though Plesk is ignoring the MX records, and sending MY email internally to the OTHER domain's mailbox on the same VPS.How do I get Plesk to send my mail to the correct EXTERNAL MX records?

View 4 Replies View Related

Can You Disable Email In Linux

Jun 19, 2008

I have alot of mail spam for my servers and I want to disable mail alltogether. I don't really need it, for I'm mostly using free mail. How do I do it? Is this possible?

View 10 Replies View Related

How To Setup Email Forwaders In Linux

Feb 16, 2009

Server OS: Cent OS 64Bit edition

I have 3 email used to send mails in my servers,

How to forward all incoming mail to those emails to my gmail account,

View 2 Replies View Related

How To Configure Email On Linux Ubuntu

Jun 24, 2009

email configuring problem.

I have a complete 512mb vps on All configuring went well.

But for some reason I can't get my email-server to work. I have followed all tutorials on Also I have installed atmail(.org) on my subdomain for email.

I always get the error the password isn't correct. Also when I try with Outlook.

The password is encrypted.

I understand an email setup is a complicated thing, and you probably need more information. But do you guys have any suggestions on what it might be? I'm a newbie, so it surely can be a newbie issue.

View 2 Replies View Related

Plesk 12.x / Linux :: Customer Welcome Email

Mar 26, 2015

How can I get access to configure and resend the welcome email that goes out to new customers/domains?

View 8 Replies View Related

Plesk 12.x / Linux :: Email DNS Settings?

Dec 5, 2014

so my website is working perfectly fine for a few months now, and im looking to use Roundcube instead of Google Apps.What are the DNS settings i need to change to for my domain registrar?Currently i have the following records, and it can only send email, and not receive.

A Records @ IP Address
A Records webmail IP Address

View 2 Replies View Related

Plesk 12.x / Linux :: How To Set Up Email Server

Jul 11, 2014

Basically I am trying to configure Plesk to send out email without being black listed. My emails are safe but I am currently blacklisted due to my set up.I have Plesk 12.0.18 and am using Qmail. The problem is I have one ip address right now and am using it for multiple domains. This is not ideal but was an issue with 1and1 not rendering ips at the time. I am not sure how to do reverse mapping with multiple domains on a single ip address.

Because my current ip address just got black listed is it possible to get 2 more ip addresses just for email and use those 2 for 2 domains so each domain would have a separate ip address? How would I set this up to be email safe meeting the spam requirements? spf, reverse mapping, etc?

View 2 Replies View Related

Plesk 11.x / Linux :: SSL On Email Broken Since 11.0.9

Jul 23, 2014

# cat /root/.autoinstaller/microupdates.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<product id="plesk" version="11.0.9" installed-at="20121209T212320">
<patch version="62" timestamp="" installed-at="20140723T035123" />

Minutes after this microupdate auto-installed, I am unable to login to POP and IMAP on this server. None of the accounts are able to login. The logs indicate hundreds of login failures, accompanying a new record I've never seen in these logs:

pop3d-ssl: Unexpected SSL connection shutdown.

Unfortunately, I can't find anything about what MU#62 actually included. The changelog only indicates up to MU#61, so I'm very concerned:URL....

I've googled the specific error I'm seeing above, but nothing appears to be remotely related to this problem.Is it possible to roll back the MU to determine if that is in fact the problem?

View 3 Replies View Related

Plesk 12.x / Linux :: VPS - Run Email Server

Apr 10, 2015

I have an VPS on 1&1 with Plesk 12 but this don't have the email function.

What I can do to install or activate this?

View 2 Replies View Related

Setting Up A Linux Email Server From Scratch

Dec 31, 2007

I am trying to get to grips setting up websites / email without the help of a control panel.

I am running centos and have managed to suss out the httpd.conf file enough to set up webspace but have no idea where to start on setting up a email server.

Any places where there is a step by step newbie guide that goes down to showing me how to add email users etc appreciated.

View 4 Replies View Related

Plesk 12.x / Linux :: No Email Option For Domain

Jan 24, 2015

I can't find email option in my plesk panel

I have installed mail servers in components, and i see mail settings under server tab but i just cant figure out how to enable mail for specific domain

If i go to i opens default home page, webmail subdomain points to my servers ip address in DNS, roundcube is also enabled in webmails....

View 1 Replies View Related

Plesk 12.x / Linux :: New Email Address With NO Mailbox

Jun 20, 2014

Since upgrading to 12.0.18 Update #5 i have picked up a strange problem when creating a new email account.

When I try setup and new email account on any domain, I get teh following error message.


Error: mailmng-outgoing failed: ERROR:outgoing:mails.domain_id may not be NULL

If i click OK, I get the following error message

The specified email address is already in use.

I have to click cancel to return to the email address list, which shows the new email address with NO mailbox.

I then have to open the email address and check the Mailbox option to activate it.

Now the email account is configured correctly.

View 5 Replies View Related

Plesk 11.x / Linux :: Email Mailbox Restoration

Oct 28, 2014

I have an individual that has moved there "sent box" to the deleted items and yes, has deleted them.

I have not used the restoration feature of plesk so i have a couple of questions before proceeding.

1. Can I restore a specific mail box folder "sent items"

2. If so will it overwrite all the items and only restore whats on the backup, because he has only just noticed and he has about 500 emails from the point he deleted it? or will it merge the items - e.g the 500 he has now + all the others from the back up.

3. If i cant restore a specific folder, does it overwrite all of the current mail from the backup.

View 1 Replies View Related

Plesk 12.x / Linux :: HTML Email In Horde

Jul 24, 2014

I've just upgraded from Plesk 11.something to 12.0.18 on Centos 6. And I've seen that Horde has stopped displaying HTML email again. editing psa-horde/imp/config/mime_drivers.php. I've made that same fix on my new Horde installation, but it doesn't seem to have worked this time. Is there anything different that I need to do on this version of Horde?

View 2 Replies View Related

Plesk 12.x / Linux :: Rebuild Email For One Domain Instead Of Everything?

May 14, 2015

I am skeptical of running mchk on my server and messing something up. I am having an issue with one domain hosted on my server getting 100's of duplicates from certain domains. My MagicSpam logs show that the email is sent to my server anywhere from every 15 minutes to 1 hour. It started out as one domain sender to my server to my client, now it is happening to a bunch of sending domains.

View 1 Replies View Related

Plesk 12.x / Linux :: Watchdog Email Notifications

Jul 26, 2014

When my server reboots I get about 12 email notifications from Watchdog that services are being started.I don''t get the same thing from my other Plesk servers upon reboot. How can I stop it?

View 4 Replies View Related

Plesk 12.x / Linux :: Email Address Uses - How To Change

May 29, 2015

I've looked a good amount of time trying to change/find where its stored. I've looked in var/qmail and there is no alias folder..We're running postfix/dovecot ....

View 4 Replies View Related

Plesk 12.x / Linux :: What Happens With Email On Old Server After Migration

Sep 2, 2014

If you transfered an account with the PMM, is e-mail still received on the old server being forwarded to the new one?

Is it a good idea to transfer only e-mail & accounts again after DNS propagates to the new server?

View 3 Replies View Related

Plesk 12.x / Linux :: WP Toolkit Email Notifications

Jan 23, 2015

I'd like to know if there's any way to stop notifications for updates from WP Toolkit. I didn't find anything in settings

View 2 Replies View Related

Copyrights 2005-15, All rights reserved