1000 emails have just been sent

1000 emails have just been sent

Hi, sorry in advance if this is not posted in the right place. Over the past 4-5 months I’ve been getting messages from DirectAdmin on my client’s server about possible spammer activity, here’s one of them (actual domain is hashed out):

Quote:

The ##### account has just finished sending 1000 emails.
There could be a spammer, the account could be compromised, or just sending more emails than usual.

After some processing of the /etc/virtual/usage/#####.bytes file, it was found that the highest sender was #####@#####.com, at 1001 emails.

The most common path that the messages were sent from is /home/#####/domains/#####.com/public_html/administrator, at 1001 emails (100%).
The path value may only be of use if it’s pointing to that of a User’s home directory.
If the path is a system path, it likely means the email was sent through smtp rather than using a script.

This warning was generated because the 1000 email threshold was hit.

================================
Automated Message Generated by DirectAdmin


The hosting company say that the emails were not sent by their sever and that the site has probably been hacked. I’ve spent days trying to find where the exploit happened but am still lost. Can anyone point me in the right direction? At my wits end! Sorry if I’ve not provided enough info.

Comments are closed.