Page 1 of 1

spam coming from my own support email address

Posted: 21 Feb 2022, 02:58
by worldics
Hello,

A few days ago I start getting bounce backs from emails i never sent so i log in to Cpanel to see what is happening.

I look in the Mail Control section and see all these emails generated from my server and all messages marked Blue indicating Not Scanned.

First thing I did was change email password but that did not help.
I created filters on theaccount that worked for a few minutes till the spammer changed the subject line.

I contacted a support team and they where not able to stop it so I finally disabled sending mail from my own support account till this is fixed.

The last message i received was as follows below:
---
Hello,

We have investigated this issue for several hours with the help of a security expert. When there was an email attack we were unable to find any live connection to the server. We have blocked more than 200 IP addresses. Most of the IP addresses used are from Google Cloud and AWS Cloud servers and IP addresses are dynamic.

We suspect there is some vulnerability in the server that is being exploited. We have started the Imunify360 full scan. We urge you to please contact Cloudlinux team about this issue.

Alternative solution -

Please use Gsuite (Gmail business) for worldics.com or any other server for email service.

Thank you,
Harjeet Singh.
IT Technical Head
https://www.24x7servermanagement.com/

I tried to contact Cpanel but they said I would need to contact my datacenter first as the license is issued to them.

They then did a change to SPF settings but that did not work.

and then they suggested contacting support here where i got my mailscanner.

In Mail control i was able to block the IP's of the scanner but within less than a minute the IP changed and spam was flowing again.

Could anyone here help me get this spam to stop?

Thank you!
Harold
Worldics.com