WOW - digging around in WHM cPanel while waiting for some of the tests to load and to me it looks as if possibly the email account has been hacked. What do you guys think?
I'm in the View Mail Statistics Summary area and under the heading: Top 50 sending hosts by message count I see these hosts as senders I assume:
ip1.grsrv.com
(wf41wb6.myrename.com)
(l7erx.renameweb.com)
(marketmindful2.com)
(nativespace-janus.ns-janus.com)
(grandpat.info)
(lloydstsb.co.uk)
m5.myzamanamail.com
(ip-static-74-121-182-135.as5577.net)
(mailserver.localhost.com)
fordtruckin.com
m1.myzamanamail.com
(acreflubgh0121.com)
(h2zmoj.renameweb.com)
mail02.feedblitz.com
mta65250.mxmfb.com
r26.hello.channel4.com
pc-175-63-100-190.cm.vtr.net
hot-train.com
mout.gmx.com
(bldprssure0128.com)
m10.myzamanamail.com
(fight4fam0128.com)
jest8.jestpil.org
(gmail.com)
106-85.mta.dotmailer.com
(februdeals.co)
mail2146.lakelandltd.mkt2684.com
(datecommunity.co)
(topwindowglass.net)
spruce-goose-af.twitter.com
spruce-goose-al.twitter.com
spring-chicken-ar.twitter.com
mail23.members.csnstores.com
mail4.members.csnstores.com
smtp083.myfanbox.com
(static.ttnet.com.tr)
cpe-066-056-189-213.sc.res.rr.com
mail.aaftexteis.pt
(rectifyeliminate.co)
smtp076.myfanbox.com
smtp077.myfanbox.com
nitrogen-onsise.cccampaigns.com
(truefreecredit.org)
68-170-59-100.mammothnetworks.com
mail1767.messages.eno.org
61-227-9-71.dynamic.hinet.net
fw.dabs.com
adsl-68-91-199-150.dsl.snantx.swbell.net
If this is a hacked situation how do I fix this? I'm used to fixing a hacked vBulletin but not an email server. Shouldn't the freaking host be fixing this crap since they are the ones who ultimately caused it anyways?!?!? I've attached three screens from the site suggested by Simon. I'm not sure what exactly some of that means on those warnings. Where do I make those changes or is that something the host should do?
|