Mailbox spammer

Discussion in 'Server Operation' started by ferra, Jul 30, 2014.

  1. ferra

    ferra Member

    Somehow, someone was able to create a mailbox on /var/mail/web19 and is sending spam.
    I delete the mailbox web19 but after a while it appears again.
    I'm using ISPConfig 3.0.5.3, and the web19 client is using the latest version of WordPress.
    We are running ISPConfig behind a firewall.

    Any idea?

    thanks
     
  2. srijan

    srijan New Member HowtoForge Supporter

  3. ferra

    ferra Member

    Ok thanks, I'll try that. In the meantime I blocked the user and deleted the postfix mail queue, and the spam stopped.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem is that your WordPress system has been hacked; this can happen e.g. through a vulnerable WordPress version or a plugin or even a theme. You should also check that all plugins and the theme are up to date. Then check your server with maldetect:

    http://www.howtoforge.com/forums/showthread.php?t=58440

    And don't care about the mailbox file. Nobody was able to create a mailbox on your system. Such a file gets created automatically by postfix when emails arrive for a system user like the user web19.
     
  5. ferra

    ferra Member

    Thanks till. I'll try maldet.
     
