Hello All,
we are facing a phishing attack at our site. A lot of users was hijacked. The attacker sends thousands of themaleficent mails via our Roundcube server.
So, I can realise which user account it was (roundcube DB, table identities -> user_id -> table users -> username).
But, even if I changed the user password the attacker was still sending via roundcube. Even if I removed a session_id from session table it was still sending it's damned spams.
The only thing that finally stopped the evil session was restart of the server
Could you please advice the better way to terminate the evil session, or maybe there exist some more elegant way to kick-off the attacker?
Regards
Loriel