9Oca
Spam emails sent from our main domain email
We are using Amazon SES (Simple Main Service) with Cpanel (Exim, Laraval, and PHP). Yesterday thousands of spam emails were sent from our main email info@ourdomain.com. cPHulk Brute Force Protection was enabled and we changed the email password. Today the same thing happened so we think he maybe was able to get the SMTP credentials somehow.
On our server, the credentials exist in exim:
ses_login:
driver = plaintext
public_name = LOGIN
client_send = : username : password
.env files:
MAIL_MAILER=smtp
MAIL_PORT=587
MAIL_USERNAME=username
MAIL_PASSWORD=password
MAIL_ENCRYPTION=tls
.env files are not accessible directly and no way someone could have access to cPanel or the root user.
Any ideas on how this could have happened or how to stop it?
