• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

qmail script abuse

Z

zonem0nkey

Guest
I believe someone or some script out there is abusing a email script that I have in one of my sites. I only have about a few email forms available on my site, but even after deleting and removing them, I'm seeing this script show up in my /usr/local/psa/var/log/maillog everytime.

1) I've turned off smtp relay via plesk.
2) I read some where that the maillog tells you the smtp messages that are being sent/received locally, is this correct?
3) Is there anything I can to find out which script/page is being abused?
 
check /var/tmp and /tmp/ for "suspect" files... some times they upload scripts there.
also do you have any open source cms or forums? they use to have some components with security wholes that users use to send emails.
 
You must log in or register to reply here.

Similar threads

I
Input Hardening Plesk with AbuseIPDB
Replies
2
Views
2K
iainh
I
M
Question System account sending email through smpt relay but no configuration present
Replies
3
Views
3K
maratn
M
Erwin Fiten
Question Email Domain abuse with forwarding
Replies
2
Views
3K
Erwin Fiten
Erwin Fiten
L
Resolved not sending via external SMTP (msmtp + Office365)
Replies
2
Views
2K
lema
L
J.Wick
Issue External Email Stopped Working after Upgrading to Plesk Obsidian 18.0.70 Update #2
Replies
1
Views
4K
J.Wick
J.Wick
Back
Top