Warning: 5345 emails have been sent yesterday by admin

Discussion in 'BlackHat Lounge' started by milans, Jul 17, 2011.

  1. milans

    milans Regular Member

    Joined:
    Mar 26, 2011
    Messages:
    370
    Likes Received:
    149
    Just got this warning by Direct Admin in my inbox:

    -------------------------------------------------

    A new message or response with subject:

    Warning: 5345 emails have been sent yesterday by admin

    has arrived for you to view.
    Follow this link to view it:

    http://xxxxxxxx.net:2222/CMD_TICKET?action=view&number=000000246&type=ticket


    ======================================================
    Automatically generated email produced by DirectAdmin 1.37.0

    Do Not Reply.

    --------------------------------------------------------------

    Does anyone know how to track down which e-mail address is sending the spam? I haven't sent that many e-mails and can't find the solution by searching the net :(
     
  2. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    I would contact your hosting provider right away. Apologize and let them know your server has been compromised.
     
  3. terry56

    terry56 Junior Member

    Joined:
    Aug 8, 2009
    Messages:
    126
    Likes Received:
    280
    Occupation:
    Electrical Engineer
    Location:
    Camarillo,CA.
    Yes, and get them to give you a new password.
    This happened to me last year.
     
  4. milans

    milans Regular Member

    It's my own VPS so I can change the passwords myself. However, I have a couple of virtual assistants working on the server (using e-mail) and I think one of them might be abusing the e-mail account or has a virus. I want to narrow down which e-mail address is sending the spam but I can't seem to find how to check this in Direct Admin.

    I hope someone can help me with this, Google doesn't have the answer..
     
  5. dny238

    dny238 Newbie

    Joined:
    Aug 10, 2012
    Messages:
    0
    Likes Received:
    0
    I assume this is an old post, but found it when googling, so here's my solution in case someone else finds it in the future.
    --------
    I found my problem with the following bash command. You might not be using exim which would change the logic entirely. Also fix the date to be the date you got the warning for.

    count the lines: grep '2012-08-09' /var/log/exim/mainlog | grep -c 'T="'
    see the subjects: grep '2012-08-09' /var/log/exim/mainlog | grep 'T="'

    Essentially, find your mail log file and search it to see what's being sent!
    Dny238
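
Added example, not part of the original thread: the log search above extended to answer the original question of which mailbox is sending, by counting Exim "<=" (message arrival) lines per envelope sender and per SMTP AUTH id or local user. The sample log lines, addresses and message ids are constructed; the log path in the closing comment is the one from the post.

```shell
#!/bin/sh
# Added example (not from the thread): per-sender submission counts for one
# day of an Exim main log, using the "<=" (message arrival) lines.

# Constructed sample log lines; addresses, hosts and message ids are made up.
sample_log() {
cat <<'EOF'
2012-08-08 23:59:58 1SzA00-0001aa-00 <= va1@example.net H=(pc9) [203.0.113.9] P=esmtpa A=login:va1@example.net S=1500 T="Invoice"
2012-08-09 03:10:01 1SzA01-0001aa-01 <= va2@example.net H=(pc1) [203.0.113.7] P=esmtpa A=login:va2@example.net S=2101 T="Offer U=x"
2012-08-09 03:10:02 1SzA01-0001aa-01 => rcpt@example.org R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.9]
2012-08-09 03:10:03 1SzA02-0001aa-02 <= va2@example.net H=(pc1) [203.0.113.7] P=esmtpa A=login:va2@example.net S=2099 T="Offer"
2012-08-09 03:10:05 1SzA03-0001aa-03 <= va2@example.net H=(pc1) [203.0.113.7] P=esmtpa A=login:va2@example.net S=2104 T="Offer"
2012-08-09 04:00:01 1SzA04-0001aa-04 <= admin@example.net U=admin P=local S=880 T="Cron report"
EOF
}

# top_senders DATE [LOGFILE]  (reads stdin when LOGFILE is omitted)
# Prints "count envelope-sender identity", busiest first. identity is the
# SMTP AUTH id (A=...) if present, else the local user (U=...), else "-".
top_senders() {
    awk -v day="$1" '
        $1 == day && $4 == "<=" {
            who = "-"
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^T="/) break               # subject is free text: stop
                if ($i ~ /^A=/) { who = $i; break }  # authenticated mailbox
                if ($i ~ /^U=/) who = $i             # local user (script, cron)
            }
            n[$5 " " who]++
        }
        END { for (k in n) print n[k], k }
    ' ${2:+"$2"} | sort -rn
}

# Demo on the sample; on a real server: top_senders 2012-08-09 /var/log/exim/mainlog
sample_log | top_senders 2012-08-09
```

A mailbox whose count dwarfs the rest is the account whose password to reset and whose workstation to check first; a high count under U= points at a script or cron job running on the server rather than a mail client.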