Hacker sent bulk mails from my server.
The Planet Forums > Security > General Security > UNIX Security
SuperBaby
Recently a hacker broke into my server and sent out thousands of emails from a particular account. SM then sent me a warning email after they received spam reports from SpamCop.

After taking some action, SM closed the case (after I explained to them what happened, the actions that I have taken and that they received no further complaints).

Although I created another ticket on this, SM has not taken much action to track the hacker's activities.

Has anybody experienced this before? What was the action that you had taken?
xenneo
I had a problem like this a while ago, heh, some lame PHP file called "marshmallow.php". Usually if the process is active I track it down by

CODE
lsof -p <pid>


It will usually give you some indication of where it's running. Occasionally you will get a kiddy that hides the process or "renames" it so it's harder to notice at first, but most people notice when the load spikes to 50+.

My advice is don't allow people to upload stuff like avatars to your server, make sure all your PHP scripts are up to date, and make sure they can't exec stuff out of tmp! Hope that helps out a bit.
codehawk
Put limits on your mail delivery. You can do that in WHM, and yes, I've had that problem. SM is not going to track this hacker down; after all, maybe it was just someone that got a user name and pass from another account. Peace.
Ronny AcuNett
We encounter issues like these all the time. Most of them are sent using PHP scripts due to insecure client-side scripts.

Mod_security will help.

Compiling phpsuexec and preventing user nobody from sending email is a very effective method of tracking down the website responsible.
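One practical way to get the attribution the post above describes is to put a logging wrapper in front of sendmail, so every mail() call records the calling user and working directory, and then tally the log. This is an added example, not code from the thread or from any poster. It assumes (none of this is stated in the thread) that the real binary has been moved to /usr/sbin/sendmail.real, that the wrapper is installed as /usr/sbin/sendmail, and that PHP runs under phpsuexec/suPHP so each site runs as its own user rather than nobody; with mod_php the user column will read nobody for every site, but the pwd column still points at the script's directory, because PHP chdirs to the running script's directory before invoking sendmail. The sample log lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): a logging wrapper for sendmail plus a
# report over its log, to find which site/script is generating the mail.
#
# Assumptions (hypothetical, not stated in the thread): the real sendmail has
# been moved to $REAL_SENDMAIL, this script is installed as /usr/sbin/sendmail,
# and the log file is writable by the web/vhost users (mode 0622 or similar).

WRAPPER_LOG=${WRAPPER_LOG:-/var/log/sendmail-wrapper.log}
REAL_SENDMAIL=${REAL_SENDMAIL:-/usr/sbin/sendmail.real}

# Build one log line. Fields: timestamp, uid, user, cwd (PHP's mail() runs
# sendmail from the script's directory, so this usually names the docroot),
# the script if Apache exported SCRIPT_NAME (CGI/suexec), and sendmail's args.
wrapper_log_line() {
    ts=$1; uid=$2; user=$3; cwd=$4; script=$5; shift 5
    printf '%s uid=%s user=%s pwd=%s script=%s args=%s\n' \
        "$ts" "$uid" "$user" "$cwd" "${script:-unknown}" "$*"
}

# The wrapper proper: record who called us, then hand off to the real binary.
sendmail_wrapper() {
    wrapper_log_line "$(date '+%Y-%m-%d %H:%M:%S')" "$(id -u)" "$(id -un)" \
        "$PWD" "${SCRIPT_NAME:-}" "$@" >> "$WRAPPER_LOG"
    exec "$REAL_SENDMAIL" "$@"
}

# Report: number of sendmail calls per (user, directory), busiest first.
# $1 = log file
top_senders() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^user=/) u = substr($i, 6)
            if ($i ~ /^pwd=/)  d = substr($i, 5)
        }
        n[u " " d]++
    } END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# Same spirit as blocking user "nobody": flag calls made by the web server
# user or from a world-writable scratch directory, which no legitimate
# contact form should be doing. Prints the matching lines.
suspicious_calls() {
    grep -E 'user=nobody|pwd=/tmp|pwd=/var/tmp|pwd=/dev/shm' "$1"
}

# Count of suspicious calls, for scripting/alerting.
suspicious_count() {
    suspicious_calls "$1" | grep -c .
}

# Constructed sample log (not real data) so the report can run offline.
# $1 = path to write
write_sample_log() {
    cat > "$1" <<'EOF'
2009-03-01 02:14:07 uid=99 user=nobody pwd=/tmp script=unknown args=-t -i
2009-03-01 02:14:08 uid=99 user=nobody pwd=/tmp script=unknown args=-t -i
2009-03-01 02:14:09 uid=99 user=nobody pwd=/tmp script=unknown args=-t -i
2009-03-01 02:15:00 uid=1002 user=shopsite pwd=/home/shopsite/public_html/forum script=/forum/register.php args=-t -i
2009-03-01 02:16:31 uid=1003 user=blogsite pwd=/home/blogsite/public_html script=/contact.php args=-t -i
2009-03-01 02:16:32 uid=1003 user=blogsite pwd=/home/blogsite/public_html script=/contact.php args=-t -i
EOF
}

# Only act as the wrapper when invoked under the sendmail name; when this
# file is sourced or run for the report, the functions above are just defined.
case "$(basename "$0")" in
    sendmail) sendmail_wrapper "$@" ;;
esac
```

To use it on a live box: `top_senders /var/log/sendmail-wrapper.log | head` after a load spike shows the offending directory at the top, which is exactly the site you then go and clean. Remember the log must be writable by whatever user PHP runs as, and that anything running from /tmp is a strong sign of a dropped script rather than a legitimate form. On PHP 5.3 and later the same attribution is also available without a wrapper via the `mail.log` and `mail.add_x_header` php.ini settings, which respectively log each mail() call with the script path and add an X-PHP-Originating-Script header to the outgoing message.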
cybertopia
1st attempt.

Someone got in through an osTicket flaw and was able to post their Perl script onto my server. Then they started mass mailing. Removed osTicket.

2nd attempt.
They used my PHP mailer and ran a big command to override my mail settings using mail() and started sending out mass mailings. Secured PHP to only run on the local site.
Invision Power Board © 2001-2009 Invision Power Services, Inc.