Web Hosting Forum | Lunarpages
Author Topic: my server has been hacked, is sending spamm and i dunno how stop it. (help plz)  (Read 870 times)
kavastudios
Space Explorer

Posts: 8


« on: June 21, 2008, 10:02:22 PM »


My server has been hacked. The hacker is sending massive amounts of email from my server, and this overloads my server and makes it fail.

I have to stop exim to lower the overload and keep my sites online.

I checked the mail queue manager in the WHM panel, and in just one second of exim running there are 100 messages waiting to be sent. The messages look like this:

1KAHPH-0001IY-91-H
mailnull 47 12
<>
1214109747 0
-helo_name zarniwoop.mit.edu
-host_address 18.62.0.170.51467
-host_name zarniwoop.mit.edu
-interface_address 209.200.248.154.25
-received_protocol smtp
-aclm 0 1
1
-aclm 1 8
planoinf
-body_linecount 44
-max_received_linelength 105
-deliver_firsttime
XX
1
k36em8mailer-daemonq@planoinformativo.com

212P Received: from zarniwoop.mit.edu ([18.62.0.170])
   by elhumildeservidor.quetalvirtual.com with smtp (Exim 4.68)
   id 1KAHPH-0001IY-91
   for k36em8mailer-daemonq@planoinformativo.com; Sat, 21 Jun 2008 23:42:05 -0500
071P Received: (qmail 26444 invoked for bounce); 20 Jun 2008 08:15:42 -0000
033  Date: 20 Jun 2008 08:15:42 -0000
038F From: MAILER-DAEMON@zarniwoop.mit.edu
046T To: k36em8mailer-daemonq@planoinformativo.com
024  Subject: failure notice
026  X-Spam-Status: No, score=
015  X-Spam-Score:
013  X-Spam-Bar:
016  X-Spam-Flag: NO

1KAHPH-0001IY-91-D
Hi. This is the qmail-send program at zarniwoop.mit.edu.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<bbif-requestn@bbif.vaporware.org>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <k36em8mailer-daemonq@planoinformativo.com>
Received: (qmail 20042 invoked from network); 20 Jun 2008 08:15:40 -0000
Received: from ppp-58-9-234-114.revip2.asianet.co.th (58.9.234.114)
  by zarniwoop.mit.edu with SMTP; 20 Jun 2008 08:15:40 -0000
Message-ID: <000601c8d34c$07640388$5497718a@vqexhn>
From: "brandyn roald" <k36em8mailer-daemonq@planoinformativo.com>
To: <bbif-requestn@bbif.vaporware.org>
Subject: MSG ID:92691 Re: where I got those expensive shoes
Date: Sat, 21 Jun 2008 01:24:52 +0000
MIME-Version: 1.0
Content-Type: text/plain;
   charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

The world's largest luxury store for shoes and bags is just one click away.
Recommended by thousands of satisfied customers worldwide, we carry dozens of famous brands including:

~ Louis Vuitton
~ Armani
~ Gucci
~ Prada
~ Hermes

Here you will find thousands of stunning designs for shoes, and leather products, at rock bottom pricing.
Prices range from just $39 to $199; quality is assured and satisfaction absolutely guaranteed.
Sale ends this week, so visit us today and start pampering yourself and your loved ones!


- Visit our site:   www.nivematel[DOT]com
(copy this link and then replace "[DOT]" to ".")

------------------------------------------------------------------------

The senders of the messages are random accounts like

k36em8mailer-daemonq@planoinformativo.com
FYymailer-daemonq@planoinformativo.com
xwwfchmailer-daemonq@planoinformativo.com

I already checked my accounts inside the server and all the scripts inside the accounts, and nothing seems to be wrong, but I couldn't find the script that is sending all those emails. I also changed all my passwords.

Could you please help me stop this, because all my users can't receive or send emails.
perestrelka
Administrator
Master Jedi

Posts: 1395



« Reply #1 on: June 21, 2008, 10:38:15 PM »

Hello,

According to the mail headers you provided, it appears that there are no problems with your server. There appears to be a bulk emailing happening with the From: field forged with a domain hosted on your server. See the following first Received line in the spam example:

"Received: from ppp-58-9-234-114.revip2.asianet.co.th (58.9.234.114)
  by zarniwoop.mit.edu with SMTP; 20 Jun 2008 08:15:40 -0000"

It means the email originated from ppp-58-9-234-114.revip2.asianet.co.th (58.9.234.114) and not from your server.

What I would recommend in such a situation is setting up an SPF record and removing the default email address accepting emails for non-existing accounts for the affected domain. You can get more information about SPF at http://www.openspf.org/.

To disable the default email address, open cPanel for the domain in question. Navigate to Mail -> Default Address -> Set Default Address, then select the domain from the drop-down list, put ":fail: No Such User Here" (without the quotes) into the next field and click the Change button.

I hope this helps. Please advise, if you have any further questions.

Kind Regards,
Vlad Artamonov
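As an added example (not code from the thread or from Lunarpages), the following Python script applies the reasoning in the reply above to the kind of spool entry pasted in the first post: it reads the connecting peer from the Exim -H header file, walks the Received: chain of the bounce from origin to our own server, and evaluates an SPF record against the originating IP. The sample headers and spool file are constructed from the values shown in the thread, the SPF record for the forged sender domain is an assumption, and the SPF evaluator is deliberately minimal (ip4/ip6/all mechanisms only, no DNS lookups).

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the bounce pasted in the thread: the bounce's
# own Received: line and the one from the forwarded copy merged into one chain.
# Relays prepend Received:, so the top line is the last hop, the bottom the first.
SAMPLE_HEADERS = """\
Received: from zarniwoop.mit.edu ([18.62.0.170])
   by elhumildeservidor.quetalvirtual.com with smtp (Exim 4.68)
   for k36em8mailer-daemonq@planoinformativo.com; Sat, 21 Jun 2008 23:42:05 -0500
Received: (qmail 20042 invoked from network); 20 Jun 2008 08:15:40 -0000
Received: from ppp-58-9-234-114.revip2.asianet.co.th (58.9.234.114)
  by zarniwoop.mit.edu with SMTP; 20 Jun 2008 08:15:40 -0000
"""

# Constructed Exim spool -H file, trimmed to the fields read below (values as in the thread).
SAMPLE_SPOOL_H = """\
1KAHPH-0001IY-91-H
mailnull 47 12
<>
1214109747 0
-helo_name zarniwoop.mit.edu
-host_address 18.62.0.170.51467
-host_name zarniwoop.mit.edu
-interface_address 209.200.248.154.25
-received_protocol smtp
"""

# Assumed SPF record for the forged sender domain: only the server's own
# interface address (see -interface_address above) may send mail for it.
ASSUMED_SPF = "v=spf1 ip4:209.200.248.154 -all"

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\(.*?(\d{1,3}(?:\.\d{1,3}){3}).*?\)\s+by\s+(\S+)",
    re.IGNORECASE,
)


def unfold_headers(raw):
    """Join continuation lines (leading whitespace) back onto their header."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.rstrip())
    return lines


def received_hops(raw):
    """(claimed_host, ip, receiving_host) per network hop, origin first.
    Only the topmost Received: was written by our own server; lower lines
    come from other relays and could be forged, so treat them as claims."""
    hops = []
    for line in unfold_headers(raw):
        m = RECEIVED_RE.match(line)
        if m:
            hops.append((m.group(1), m.group(2), m.group(3)))
    hops.reverse()
    return hops


def spool_peer(spool_h):
    """From an Exim -H spool file: (peer_ip, peer_port, helo_name, envelope_sender)."""
    lines = spool_h.splitlines()
    fields = {}
    for line in lines:
        if line.startswith("-"):
            key, _, value = line[1:].partition(" ")
            fields[key] = value
    ip, _, port = fields["host_address"].rpartition(".")  # Exim stores IP.port
    return ip, int(port), fields.get("helo_name"), lines[2].strip()  # '<>' = bounce


def spf_result(client_ip, spf_record):
    """Minimal SPF check: ip4/ip6 and all only; a/mx/include need DNS and are skipped."""
    ip = ip_address(client_ip)
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    verdict = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in verdict:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name in ("ip4", "ip6"):
            matched = ip in ip_network(arg, strict=False)
        elif name == "all":
            matched = True
        else:
            continue
        if matched:
            return verdict[qualifier]
    return "neutral"


def triage(spool_h, headers, spf_record):
    """Where did this queued bounce really come from, and would SPF have rejected it?"""
    peer_ip, _, helo, sender = spool_peer(spool_h)
    origin_ip = received_hops(headers)[0][1]
    return {
        "is_bounce": sender == "<>",
        "handed_to_us_by": peer_ip,
        "helo": helo,
        "origin_ip": origin_ip,
        "origin_spf": spf_result(origin_ip, spf_record),
    }
```

Running `triage(SAMPLE_SPOOL_H, SAMPLE_HEADERS, ASSUMED_SPF)` shows the same picture the reply describes: the queued item is a bounce (null envelope sender) handed to our server by 18.62.0.170, and the spam itself originated at 58.9.234.114, which a `-all` SPF record for the sender domain would mark as a fail. The practical value for the defender is that remote sites that check SPF can then reject the forged message at SMTP time instead of accepting it and bouncing it back to the forged domain, and setting the default address to `:fail:` makes the local server reject mail for non-existent recipients at SMTP time as well, so the queue stops filling with this backscatter.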