Virtual Private Servers are useful for anyone who runs a website. They offer capable, isolated systems with appropriate RAM, storage, and bandwidth. The strong performance and continuous accessibility are a bonus, as they don’t limit a site’s growth. VPS users usually also run a server for email on it. While this is useful for businesses, a drawback is that it can be exploited by malicious users through outdated plugins or base installs. Failing to update the software regularly can lead to the server sending unwanted spam, which is a problem because it can get your IP blacklisted. Thankfully, there’s a way to stop your Windows or Linux VPS from sending spam.
When a considerable amount of spam is sent to one or more recipients, there’s a high possibility that you will receive an ‘abuse report’. These notifications contain the headers of the spam emails, which can be used to determine where the spam is originating from. Previously, hackers chose to infiltrate mailboxes to send spam, but with the popularity of content management systems such as WordPress, Drupal, and Joomla, they now choose to use “spamscripts”.
Exim, the MTA (Mail Transfer Agent), handles all email deliveries on your Windows or Linux VPS. All activity, including mail sent from scripts, is logged there. This is where the spamscripts are placed. It’s not easy to check all the files used by Exim, but spamscripts usually share some traits by which they can be recognized:
- they have randomly generated names,
- or they look like legitimate Exim files,
- or they are code embedded in an existing file.
There is an easy way to check for these. Hosts are advised to use software such as ClamAV to scan for spamscripts. For those using a Linux VPS, a good alternative is Linux Malware Detect (LMD), also known as Maldet. It uses a multi-threaded scanner to detect spamscripts and other threats such as viruses, trojans, and malware, and to stop them.
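Because Exim logs mail submitted by scripts, its main log can point to the directory a spamscript is running from. The following is an added example, not part of the original article: it assumes Exim's "arguments" log selector is enabled (so "cwd=" lines are written), the function names are hypothetical, and the sample log is constructed.

```bash
#!/usr/bin/env bash
# Added example: rank the directories that mail was submitted from, using the
# "cwd=" entries Exim writes when its "arguments" log selector is enabled.

# Constructed sample log lines (not real data).
sample_log() {
cat <<'EOF'
2024-05-01 10:00:01 cwd=/home/site1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:02 cwd=/home/site1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:02 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1abcde-000001-AB
2024-05-01 10:00:03 cwd=/home/site1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:04 cwd=/home/site2/public_html 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:05 1abcde-000001-AB <= user@example.com U=site1 P=local S=812
EOF
}

# top_senders [FILE]: print "COUNT DIRECTORY", busiest first (stdin if no FILE).
# Exim's spool directory is skipped: its own delivery processes run from there.
top_senders() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^cwd=\//) {
                dir = substr($i, 5)
                if (dir !~ /^\/var\/spool\//) count[dir]++
                break
            }
    }
    END { for (d in count) printf "%d %s\n", count[d], d }' "${1:--}" |
        sort -k1,1nr -k2
}

# recent_php DIR: PHP files modified in the last 7 days under a flagged directory.
recent_php() {
    find "$1" -type f -name '*.php' -mtime -7 -print 2>/dev/null
}

# Demo on the constructed sample.
sample_log | top_senders
```

On a real server, pass the path of the Exim main log to top_senders (its location varies by distribution and control panel), then run recent_php on the busiest directory and hand the listed files to ClamAV or Maldet.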
What to Do if Your VPS is Used for Spam
Once you notice that your server is being used to send unwanted emails, there are a few steps you can take to stop them and ensure better security. Besides setting up appropriate scanning software, you should:
- Change all passwords. Do this for all email/FTP accounts and make sure the new passwords are strong: don’t use any words that can be found in the dictionary, and include numbers and symbols. Sometimes this can be enough to stop the spam from being created.
- Stop the mail server. This will stop all outgoing emails and spam.
- Check the headers of the emails. You might see either domains or IP addresses in the “from” field. Blacklist them if they’re domains, or create a firewall rule blocking the IP. If there is no information there, you likely have malware or a spamming script installed on your Windows or Linux VPS.
Another important step is to check for any server security issues. Scan the system with proper antivirus software to see whether there’s any malware.
Additional things can be done to ensure that your VPS isn’t used for spam again. It’s strongly recommended to:
- Keep all plugins updated. Always update all your software to the latest version, as new releases usually implement new safety measures. Older versions are more vulnerable and susceptible to attacks.
- Run frequent scans. Use tools such as ClamAV or Linux Malware Detect on a Linux VPS to detect any malware or spamscripts on your server as soon as possible.
- Never use a connection without SSL. Sending passwords or files in plain text is very dangerous, as they can be easily intercepted. To prevent this, never connect without SSL, which encrypts all incoming and outgoing data.
- Set the right file permissions. Most CMSs and frameworks have a list of recommended permissions. It’s advised to use them, as they can prevent vulnerabilities from being used to alter core files.
By implementing these steps, users can significantly minimize the chances of their servers being used for spamscripts. It also ensures additional security for the overall system.
Receiving ‘abuse reports’ and consequently getting your IP blacklisted can have a detrimental impact on a business. That’s why it’s important to monitor your server for any possible abuse and take proper prevention steps. This way, people won’t receive unwanted emails and your VPS will benefit from additional security.