Localrelay alerts

Discussion in 'Linux VPS/Dedicated - cPanel' started by Samuel Xavier, Mar 23, 2018.

  1. Samuel Xavier

    Samuel Xavier New Member

    Hi,

    Two days I'm getting these alerts.
    I do not know this problem. It had never happened before.
    It seems to me to be some kind of spam sent from VPS by a specific user. Am I right?
    I noticed that the VPS email queue is high.

    How can I solve this problem?

    Thankful.

    ______________________________________

    Time: Thu Mar 22 12:40:02 2018 -0300
    Type: LOCALRELAY, Local Account - usuariocom
    Count: 101 emails relayed
    Blocked: No

    Sample of the first 10 emails:

    2018-03-22 12:33:37 1ez2Dh-0004IC-Rd <= [email protected] U=usuariocom P=local S=1507 id=[email protected] T="What does your girl tell about your potentiality?" for [email protected]
    2018-03-22 12:33:38 1ez2Dh-0004IJ-Ui <= [email protected] U=usuariocom P=local S=1510 id=[email protected] T="How long have you broken off relations with your girlfriend?" for [email protected]
    2018-03-22 12:33:38 1ez2Di-0004IR-1O <= [email protected] U=usuariocom P=local S=1486 id=112ddd4b6b5c60326a4[email protected] T="How long have you broken off relations with your girlfriend?" for [email protected]
    2018-03-22 12:33:38 1ez2Di-0004IW-4q <= [email protected] U=usuariocom P=local S=1504 id=[email protected] T="How long have you broken off relations with your girlfriend?" for [email protected]
    2018-03-22 12:33:38 1ez2Di-0004Ic-81
     
  2. KH-DanielP

    KH-DanielP KH-COO Staff Member

    You've indeed got a spammer on your VPS.

    It's in the account U=usuariocom , and most likely some type of hacked wordpress plugin or similar. Look in the domlogs for a lot of POST requests going to funny scripts. You'll have to clean those scripts up plus figure out how they got in, could be an outdated plugin, bad password etc.

    Need reliable, affordable VPS hosting in the US and worldwide? Visit KnownHost.com.
     

Share This Page