Spam using a script's backdoor and pop server goes down
My site on a VPS server (Linux/Cpanel/Php/MySQL). Today POP3 server has failed and I restarted. And again and again. After 4 times of reset I suspend my account on cpanel.
There were some days I got high cpu usage last month.
I think someone making mail spam or something like that using my pop server.
My friend said that they can be use one of my scripts' mail function.
How can I find how they do that or which script?
Is there a way to block mail function using?
Can I authenticate outgoing mail server (SMTP) from cpanel?
Is there log file about pop server using?
Q. How can I find how they do that or which script?
A. Check you web logs (/usr/local/apache/logs/error_log and /usr/local/apache/domains/youdomain.log)
Q. Is there a way to block mail function using?
A. It's easy. In your serverwide php.ini in add to disable_function = mail and then restart apache. You should also prevent access to sendmail trougth php and allow only smtp connection to localhost. For this, in the same file uncomment smtp option and comment sendmail. After all changes you should restart apache.
Q. Can I authenticate outgoing mail server (SMTP) from cpanel?
A. Yes, you can. Check in WHM - disable sending mails from user nobody
Q. Is there log file about pop server using?
A. Yes, you can check /var/log/maillog
Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168