Customer email hacked? Exceeded limits warning

[Xavier12]

Hey guys,

For some reason one of my customers email accounts seems to have been hacked. My admin account continues to say that the customer has reach over the 30 emails per hour limit. This is the email error:

Please be informed,
following customers' domains, mailboxes and subscriptions are reached their limits for outgoing emails for the period:
>From Dec/13/2014 05:47
To Dec/13/2014 06:47

Subscriptions
customerdomain.com, the limit is 100 messages per hour
336 attempt(s) to exceed limits from Dec/13/2014 04:31 to Dec/13/2014 05:47

So far it has sent over 5,000 attempted in the past few hours. The customer used gmail to send from domain before, so I've changed their gmail email password. I've also changed the main email password, and the plesk username and password login for the customer. It still continues

Please advise, thanks.

 

[UFHH01]

Hi Xavier12,

log - entries and configuration - files can help to investigate issues.

Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

If you allow your customer to use sendmail, you can as well investigate the apache2 and/or nginx - logs ( please investigate as well the domain specific logs ).

If your customers use PHP mail, you have the choice to investigate this as well:

Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running? ( Parallels KB - article : 1711 )

Many email messages are sent from PHP scripts on the server. How can I find the domains on which these scripts are running if I am using Postfix? ( Parallels KB - article : 114 845 )​

 

[Xavier12]

Hi Ufhh01,

Makes sense. Thanks for the prompt update and support!