• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question suspicious email address automatically created in plesk panel

S

skrdknd

New Pleskian
Server operating system version
CentOS 7
Plesk version and microupdate number
18.0.55
I have Plesk installed on my dedicated server and a couple of client accounts. Five suspect email addresses were recently generated automatically in one of the customers. support_Xsreuwst@FQDN.com is the email address.

Why was this email produced, and how can it be avoided?

Can somebody give me some tips on how to avoid it?
 
They could have been created by a script through API. They could have also been created by an extension, although I am not aware of extensions that do this. It is also possible that - if a subscription allows root access - a script in the subscription itself runs a Plesk command on the server to create the mailboxes. Finally, it is thinkable that a hacker gained access to the account by stealing username and password and simply created the mailboxes manually. That can be avoided by using the Google Authenticator 2FA extension to protect account access.
 
If you install the Action Log extension, you can monitor who or what creates a mail account (amongst others):
www.plesk.com

Action Log

This extension is a more advanced log browser than the one available in Plesk by default. Action Log has the same features as the built in log browser in Websites & Domains plus much more.
www.plesk.com www.plesk.com
 
You must log in or register to reply here.

Similar threads

S
Issue LFD Alerts generating massive amounts of emails
Replies
0
Views
795
SolarStorm
S
M
Resolved Plesk Email Security Pro: No access to individual Blacklist/Whitelist/Filter sensitivity - Button is Missing since
Replies
2
Views
781
mcac
M
A
Question Spam detection on outgoing mails with Plesk Email Security
Replies
2
Views
692
Kaspar
K
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
2K
Change Maker
C
brother4
Question Custom rules for Mod Seruity 3.0 Nginx - WordPress protection
Replies
2
Views
756
brother4
brother4
Back
Top