Question suspicious email address automatically created in plesk panel

[skrdknd]

Server operating system version

CentOS 7

Plesk version and microupdate number

18.0.55

I have Plesk installed on my dedicated server and a couple of client accounts. Five suspect email addresses were recently generated automatically in one of the customers. [email protected] is the email address.

Why was this email produced, and how can it be avoided?

Can somebody give me some tips on how to avoid it?

 

[Peter Debik]

They could have been created by a script through API. They could have also been created by an extension, although I am not aware of extensions that do this. It is also possible that - if a subscription allows root access - a script in the subscription itself runs a Plesk command on the server to create the mailboxes. Finally, it is thinkable that a hacker gained access to the account by stealing username and password and simply created the mailboxes manually. That can be avoided by using the Google Authenticator 2FA extension to protect account access.

 

[skrdknd]

Thanks peter for your information. Which type of API they use to create it?

 

[Maarten.]

If you install the Action Log extension, you can monitor who or what creates a mail account (amongst others):

Action Log

This extension is a more advanced log browser than the one available in Plesk by default. Action Log has the same features as the built in log browser in Websites & Domains plus much more.

www.plesk.com

 

[skrdknd]

Many thanks . I found lot of information