Have you ever been hacked? If you have, you’ll know what this is all about.
Unlike in the movies, most times you get hacked, you may not even know it. You usually don’t get the black screen with a skull on it or any indication that you’re hacked. That happens very rarely even though I’ve seen it as well.
I’ve been hacked many, many times and the majority of the times, my server was exploited in order to use it as a bulk emailer. A malicious script is injected and it sends out bulk, spam emails to long lists of subscribers. Thousands, even millions of them.
Being hacked numerous times has taught me many great ways of finding problems and securing a server, making it almost impossible to hack. Our company Tribulant Software also provides extremely secure hosting services without placing the restrictions on the clients. Try it out – there is a 30 days trial – you’ll be impressed!
How to detect spam emails?
You may start suspecting spam email being sent from your cPanel server due to mail delivery reports coming back to you about email addresses that don’t exist or even remote servers blocking those emails due to it’s content.
The quickest way to find out would be to go to Email > Mail Queue Manager in WHM and check what emails are in the Exim queue to be sent. If you notice garbled email addresses, senders that don’t exist or even messages that you know shouldn’t be queued, you may be hacked.
Find cPanel Script Sending Spam
The next step would be to find and remove malicious scripts that may be sending bulk, spam emails on your server.
Login to the shell via SSH as root to the root of the server and run the following command:
The command will give you an output such as this:
The output shows the amount of emails sent and then next to it the location of the script where the emails were being sent from.
You can then go into that path/directory and remove the script(s) that send out the spam emails on your cPanel/WHM server.
Secure cPanel/WHM Server
It is very important to secure your cPanel/WHM server.
I recommend that you install and configure the ConfigServer Security & Firewall plugin/module on WHM and run a security check to see which areas you can improve in.
It may not be possible to secure all areas as it recommends to you because then you’ll end up making your websites practically inaccessible but it has amazing suggestions for the most part.
All the best and I hoped this helped! Feel free to comment if you have any questions.
Get Proper Hosting
The majority of people don’t actually manage their own servers. Either because of cost or simply because they are just to busy and need to focus on what is important, their own business!
As I mentioned earlier, we offer the best hosting services available. It provides speed, security and daily, redundant backups. Give it a try if you’re interested, there is a 30 days trial available too!