What to do if your server is used for spamming

Giedrius
edited March 22 in Performance and Security
We have noticed that spamming is the most common issue among our servers. Most likely you have faced it at some point in your experience with a VPS. We wrote this article to go over the possible ways of dealing with the spamming problem.

Why is your server sending spam?

In general, there can be a lot of reasons for it, but we narrow it down to these:

Your VPS was hacked;
Your Website was hacked;
You are sending spam intentionally.

Now we are going to look at the first two of these reasons separately and provide some suggestions for keeping the server from being used in spam activities as much as possible.

What if your VPS was hacked?

Assuming your VPS is not used for web hosting but rather for data storage, data processing, a VPN or something else, you most likely have no need for mail services.

The first thing to do is to disable or remove all mail services on your server, such as Exim, Postfix and Sendmail.

Secondly, block all the SMTP related ports: 25, 465, 587. This can be done via iptables or some other firewall software you are using as well.

Sometimes email can be sent through SSH tunnels, in such a way that the spam appears to be sent by localhost. This is done by port forwarding via SSH, which creates a secure connection between a local computer and a remote machine through which services, such as SMTP, can be relayed. Since this method requires access to some user on the hacked server, it shows how important it is to create a strong password, use a custom SSH port, and enable and use SSH keys. Keep your credentials and access to the server to yourself or to people that you trust.

Last but not least, keep your software up to date, always. Perform routine security checks or antivirus scans. Get yourself a firewall to block unwanted connections and keep logs on the security matters of your server.

What if your Website was hacked?

This is the most common kind of spam incident on our servers, since our VPS are focused on web hosting. So how do you proceed afterwards?

1. Check and scan your server with antivirus software. Most attacks are not very original and have happened before, so the malware or injection will be found by a proper antivirus tool.

2. Make sure your Content Management System is up to date and if not, update it! Updates are released not only because some new feature has been added to the software, but also to fix vulnerabilities that have become public and are being abused by third parties. Make sure to set up automatic updates, or at least check manually once in a while.

3. If your VPS uses Apache as its default web server, there is a great tool called ModSecurity, which is a web application firewall. It helps to scan and block a lot of bad requests towards your websites and keeps them in check constantly. It is a great way of preventing your websites from being infected with the most common injections. ModSecurity can also be set up manually to block unwanted or suspicious requests.

4. Make sure to use secure and strong passwords for your CMS, and do not share them.

5. Do not use unknown plugins, which can, in fact, be created and published to get access to your website.

6. Limit the file extensions you allow to be uploaded to your websites.

7. Assign proper permissions to your files and folders, and try to avoid “777”.

What if you did everything and yet, your server got reported to be spamming?

Although spamming and sending mass mail are not allowed on our VPS, your websites will most likely send some emails occasionally, such as confirmation emails, password reset emails for your customers, change-logs of your system information, etc. These emails can get flagged as spam or rejected, which eventually results in the server being blacklisted. Here are a few ideas to make these emails more trustworthy for other mail servers.

1. Create and use SPF and DKIM records for your domain.

2. Avoid spam keywords. These are basically all the keywords related to selling, offering, and marketing in general. You can find a lot of examples here.

3. The information you send should be general and for informational purposes only. Such emails should not be related in any way to marketing or newsletters.

Final notes

Always check your mail logs and your server access logs for potential anomalies or intruders.
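The following Python script is an added example, not part of the original article: it groups queued recipients in a Postfix mail log by how each message entered the queue (local `pickup` with a uid, or `smtpd` with a client address such as localhost), which helps tell a hacked web script from mail relayed through localhost. The log lines are constructed, short hexadecimal Postfix queue IDs are assumed, and the threshold of 20 recipients is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not from a real server).
SAMPLE_LOG = """\
Mar 22 10:00:01 vps postfix/pickup[2101]: 1A2B3C4D01: uid=33 from=<www-data>
Mar 22 10:00:01 vps postfix/qmgr[900]: 1A2B3C4D01: from=<www-data@vps.example>, size=2210, nrcpt=40 (queue active)
Mar 22 10:00:02 vps postfix/pickup[2101]: 1A2B3C4D02: uid=33 from=<www-data>
Mar 22 10:00:02 vps postfix/qmgr[900]: 1A2B3C4D02: from=<www-data@vps.example>, size=2198, nrcpt=40 (queue active)
Mar 22 10:03:10 vps postfix/smtpd[2150]: 1A2B3C4D03: client=localhost[127.0.0.1]
Mar 22 10:03:10 vps postfix/qmgr[900]: 1A2B3C4D03: from=<promo@other.example>, size=5120, nrcpt=25 (queue active)
Mar 22 11:15:42 vps postfix/pickup[2101]: 1A2B3C4D04: uid=1000 from=<deploy>
Mar 22 11:15:42 vps postfix/qmgr[900]: 1A2B3C4D04: from=<deploy@vps.example>, size=812, nrcpt=1 (queue active)
"""

# Assumption: short (hexadecimal) Postfix queue IDs.
LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
PICKUP = re.compile(r"uid=(\d+)")
CLIENT = re.compile(r"client=(\S+)")
NRCPT = re.compile(r"nrcpt=(\d+)")

def recipients_by_origin(log_text):
    """Sum recipients per submission origin: 'uid=N' or 'client=host[ip]'."""
    origin = {}          # queue ID -> how the message entered Postfix
    counted = set()      # queue IDs already counted (qmgr logs retries again)
    totals = Counter()   # origin -> total recipients queued
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m["svc"], m["qid"], m["rest"]
        if svc == "pickup" and (u := PICKUP.search(rest)):
            origin[qid] = f"uid={u[1]}"        # local sendmail binary, e.g. a web script
        elif svc == "smtpd" and (c := CLIENT.search(rest)):
            origin[qid] = f"client={c[1]}"     # SMTP submission, e.g. via localhost
        elif svc == "qmgr" and qid not in counted and (n := NRCPT.search(rest)):
            counted.add(qid)
            totals[origin.get(qid, "unknown")] += int(n[1])
    return totals

def suspicious(totals, max_recipients=20):
    """Origins whose recipient total exceeds the (assumed) threshold."""
    return sorted(o for o, n in totals.items() if n > max_recipients)

if __name__ == "__main__":
    totals = recipients_by_origin(SAMPLE_LOG)
    for origin, n in totals.most_common():
        print(f"{n:5d} recipients  {origin}")
    print("review:", suspicious(totals))
```

A high total for a web server uid points at a website script, while a high total for `client=localhost[127.0.0.1]` points at something submitting over SMTP on the machine itself, which includes the SSH port-forwarding case described earlier.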

Keep your system and software updated.

If you got blacklisted, it is a fact. Focus on investigating and solving the problem.

The most important thing to remember: spamming is forbidden by our Terms of Service, which you can review by pressing this link.