
Issue Too many outgoing Emails

vintzblack

New Pleskian
Server operating system version
Debian 11
Plesk version and microupdate number
18.0.57
Can someone explain the meaning of this information? I suspect serious hacking.

config: Warning: service anvil { client_limit=1000 } is lower than required under max. load (2251). Counted with: service managesieve-login { process_limit=100 } + service pop3-login { process_limit=1024 } + service imap-urlauth-login { process_limit=100 } + service imap-login { process_limit=1024 } + service auth { process_limit=1 }
 
@Maarten. I thought of that one, too, and did a test on a Debian 11 server, but could not verify it against what @vintzblack wrote "service anvil ...". His error message does not mention Dovecot. It will probably be somehow linked to an insufficient limit parameter, but I could not find where to change this specific setting.
 
Thank you for the observation. Below is an email snippet from my hosting company; apparently they think otherwise.

The level of SMTP traffic on port 25/tcp is unusually high and at this pace you will hit the limit soon and all connections on this port will be blocked until the next day.

So if indeed there is a malware infestation or some kind of back door that has gained access to my server, how can I identify that, and what possible remedies can a newbie adopt?

Regards
Vintz
 
I conducted an extensive investigation of the unusual traffic on my server and I noted a large volume of bandwidth usage of 27 Gigs on one of my domains. I checked the log and I saw a lot of IP addresses that were accessing the server. One of the IP addresses had the message below.

GET /HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/ HTTP/1.0

That could explain the high traffic usage. Obviously my WordPress installation had been compromised. So I replaced the WordPress files and folders; I did not touch the config file and wp-content folder. After that my traffic dropped to zero. Problem solved. Bob is your uncle.
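
The log check described in the post above, as an added example that is not part of the thread: a script that totals response bytes per client and per URL from a "combined"-format access log and lists successfully served paths that decode to non-ASCII text, like the request quoted above. The sample lines, IP addresses, byte counts and the `triage` function are constructed for illustration, and the non-ASCII test is an assumed heuristic that fits a site whose own URLs are plain ASCII.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in "combined" log format; the IPs are documentation
# addresses and the dates and byte counts are invented for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Nov/2023:10:00:01 +0000] "GET /HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/ HTTP/1.0" 200 48213 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2023:10:00:02 +0000] "GET /HALLOWEEN%20%F0%9F%8E%83Marshmello%20Mask%20-%20WFdBUFRUWEFdFl5B/ HTTP/1.0" 200 48213 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Nov/2023:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Nov/2023:10:00:09 +0000] "GET /about/ HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Nov/2023:10:00:11 +0000] "GET /missing.png HTTP/1.1" 404 - "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def triage(log_text):
    """Return (bytes per client IP, bytes per decoded path, paths to review)."""
    by_ip, by_path, odd = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        size = 0 if m["size"] == "-" else int(m["size"])
        # Drop the query string and decode %XX so identical pages group together.
        path = unquote(m["path"].split("?", 1)[0], errors="replace")
        by_ip[m["ip"]] += size
        by_path[path] += size
        # Assumed heuristic: a page served with 200 whose name decodes to
        # non-ASCII text is unexpected on a site with ASCII-only URLs.
        if m["status"] == "200" and not path.isascii():
            odd.add(path)
    return by_ip, by_path, odd

if __name__ == "__main__":
    ips, paths, odd = triage(SAMPLE_LOG)
    print("bytes by client:", ips.most_common(3))
    print("bytes by path:  ", paths.most_common(3))
    print("review these:   ", sorted(odd))
```

Any path it lists that the site owner did not create is worth locating on disk, because it shows which content is still being served.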
 