I have a cpanel server at TP that has a phisher on it. I found the domain and user by looking up who is relaying email through WHM. He or it wasn't hard to spot. Sent out a half million pieces of garbage in less than a day and I need to find out exactly how to get rid of this illegal account and prevent another from happening. I deleted it and the huge mail queue, but the user came back. My APF install has blocked numerous brute force attempts, so I do have protection, but obviously the firewall is not enough.
I need to do something quick as my provider has given me 24 hours to do something. I asked TP to do so on my admin time, but I received no response and I'm sweating. I have only one paying reseller client on it who is using VB Bulletin. He's worried too as the RBLs have taken notice.