Hello all,
I have to replace someone and take over the admin of a WAMP server, so I'm quite new to this, sorry if information is missing.
There is an old Joomla running on it, and the site was hacked a few days ago. I updated stuff and now everything is fine.
But I realised the Apache error logs were growing fast. They contain lots of:
sendmail: Error during delivery: Spam detected.
Looking at the Sendmail debug.log, I can see SPAM being sent using my server (end of this post)
How can I find out where it originates from and block it?
Thanks
16/11/24 10:22:27 ** --- MESSAGE BEGIN ---
16/11/24 10:22:27 ** To: rwiddersjr@comcast.net
16/11/24 10:22:27 ** Subject: We do have a search for a partner
16/11/24 10:22:27 ** Date: Thu, 24 Nov 2016 10:22:27 +0100
16/11/24 10:22:27 ** From: Crystal <crystal@intranet.cohl.fr>
16/11/24 10:22:27 ** Message-ID: <8ee993a214679b255898182e1b476590@intranet.cohl.fr>
16/11/24 10:22:27 ** X-Priority: 3
16/11/24 10:22:27 ** MIME-Version: 1.0
16/11/24 10:22:27 ** Content-Type: multipart/alternative;
16/11/24 10:22:27 ** boundary="b1_8ee993a214679b255898182e1b476590"
16/11/24 10:22:27 ** Content-Transfer-Encoding: 8bit
16/11/24 10:22:27 **
16/11/24 10:22:27 **
16/11/24 10:22:27 ** --b1_8ee993a214679b255898182e1b476590
16/11/24 10:22:27 ** Content-Type: text/plain; charset=us-ascii
16/11/24 10:22:27 **
[...]
Connecting to smtp.completel.fr:25
16/11/24 10:22:27 ** Connected.
16/11/24 10:22:27 << 220 smtp3.mail.completel.net ESMTP Postfix<EOL>
16/11/24 10:22:27 >> EHLO SRVWEB01.******<EOL>
16/11/24 10:22:27 << 250-smtp3.mail.completel.net<EOL>250-PIPELINING<EOL>250-SIZE 51200000<EOL>250-ETRN<EOL>250-ENHANCEDSTATUSCODES<EOL>250-8BITMIME<EOL>250 DSN<EOL>
16/11/24 10:22:27 >> MAIL FROM: <crystal@intranet.cohl.fr><EOL>
16/11/24 10:22:27 << 250 2.1.0 Ok<EOL>
16/11/24 10:22:27 >> RCPT TO: <rwiddersjr@comcast.net><EOL>
16/11/24 10:22:28 << 250 2.1.5 Ok<EOL>
16/11/24 10:22:28 >> DATA<EOL>
16/11/24 10:22:28 << 354 End data with <CR><LF>.<CR><LF><EOL>
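
An added example (not part of the original post): a small Python parser for the debug.log layout shown above that splits the log into messages and records each one's timestamp, headers, envelope sender and recipients. The `phpmailer_style` check is a heuristic added here: a Message-ID whose 32-hex id is reused in a `b1_` boundary, as in the logged message, is the pattern PHPMailer generates. The sample log and its addresses are constructed.

```python
import re

# Constructed sample in the debug.log layout from the post; addresses are placeholders.
SAMPLE = """\
16/11/24 10:22:27 ** --- MESSAGE BEGIN ---
16/11/24 10:22:27 ** To: user1@example.net
16/11/24 10:22:27 ** From: Crystal <crystal@intranet.example>
16/11/24 10:22:27 ** Message-ID: <0123456789abcdef0123456789abcdef@intranet.example>
16/11/24 10:22:27 ** boundary="b1_0123456789abcdef0123456789abcdef"
16/11/24 10:22:27 **
16/11/24 10:22:27 ** Subject: this line is body text, not a header
16/11/24 10:22:27 >> MAIL FROM: <crystal@intranet.example><EOL>
16/11/24 10:22:27 >> RCPT TO: <user1@example.net><EOL>
16/11/24 10:23:02 ** --- MESSAGE BEGIN ---
16/11/24 10:23:02 ** Message-ID: <local-id@intranet.example>
16/11/24 10:23:02 >> MAIL FROM: <crystal@intranet.example><EOL>
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\*\*|>>|<<) ?(.*)$")

def parse_messages(text):
    """Split the log into messages: start time, headers, envelope sender/recipients."""
    msgs, cur = [], None
    for m in filter(None, map(LINE.match, text.splitlines())):  # skips untimestamped lines
        ts, kind, body = m.group(1), m.group(2), m.group(3).replace("<EOL>", "").strip()
        if kind == "**" and body == "--- MESSAGE BEGIN ---":
            cur = {"time": ts, "headers": {}, "boundary": "", "mail_from": "", "rcpt_to": [], "in_hdr": True}
            msgs.append(cur)
        elif cur is None:
            continue
        elif kind == "**" and cur["in_hdr"]:
            cur["in_hdr"] = bool(body)  # a blank line ends the header block
            if body.startswith("boundary="):
                cur["boundary"] = body.split("=", 1)[1].strip('"')
            elif ": " in body:
                key, value = body.split(": ", 1)
                cur["headers"][key.lower()] = value
        elif kind == ">>" and body.upper().startswith("MAIL FROM:"):
            cur["mail_from"] = body[10:].strip(" <>")
        elif kind == ">>" and body.upper().startswith("RCPT TO:"):
            cur["rcpt_to"].append(body[8:].strip(" <>"))
    return msgs

def phpmailer_style(msg):
    """Heuristic: the same 32-hex id appears in Message-ID and in the b1_ boundary."""
    mid = re.match(r"<([0-9a-f]{32})@", msg["headers"].get("message-id", ""))
    return bool(mid) and msg["boundary"] == "b1_" + mid.group(1)

if __name__ == "__main__":
    print(*((m["time"], m["mail_from"], phpmailer_style(m)) for m in parse_messages(SAMPLE)), sep="\n")
```

Each message's timestamp can then be compared with the Apache access log entries for the same second to see which PHP script was requested when the mail was handed to sendmail.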