Need help to solve the "Abuse Complaint"
I am running one site with WordPress, but it seems that it can't avoid "Spam complaint". I have used Ramnode for some time and it shut down my server for this reason several times (I am not complaining). And this time, URPad tells me about this kind of complaint again.
My WordPress and plugins have been updated to the latest version.
I have just changed my admin password AGAIN
I have browsed my template so that there is no backdoor code.
What else can I do? Need suggestions...
We have received the following spam complaint originating from your VPS. Please resolve this issue as soon as possible.
[ SpamCop V4.8.1.007 ]
This message is brief for your comfort. Please use links below for details.
Email from My-ip / Fri, 28 Mar 2014 10:20:12 +0200
http://www.spamcop.net/w3m?i=z6105225295z99ec1371d974b6f1fe0bb7cc87460d9cz
My-ip is open proxy, see: http://www.spamcop.net/mky-proxies.html
[ Offending message ]
Return-Path:
Received: from b.mx.colocall.net (b.mx.colocall.net [62.149.2.57])
by colocall.net with ESMTP id s2S8KZJO086543
for ; Fri, 28 Mar 2014 10:20:35 +0200 (EET)
(envelope-from [email protected])
Received: from as8.telkomsa.net (as.telkomsa.net [196.25.211.37])
by b.mx.colocall.net with ESMTP id s2S8KFxJ023870
for ; Fri, 28 Mar 2014 10:20:34 +0200 (EET)
(envelope-from [email protected])
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98.1 at mars.colocall.net
X-SPAM-Check-IP: 196.25.211.37
X-SPAM-Filters:
Received: from unknown (HELO hercules.telkomsa.net) ([192.168.111.126])
by as8.telkomsa.net with ESMTP; 28 Mar 2014 09:58:47 +0200
Received: from localhost (localhost [127.0.0.1])
by hercules.telkomsa.net (Postfix) with ESMTP id 33F565F800A
for ; Fri, 28 Mar 2014 10:20:13 +0200 (SAST)
X-Virus-Scanned: amavisd-new at hercules.telkomsa.net
Received: from hercules.telkomsa.net ([127.0.0.1])
by localhost (hercules.telkomsa.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Xf18q9-UWHlG for ;
Fri, 28 Mar 2014 10:20:13 +0200 (SAST)
Received: from telkomsa.net (unknown [My-ip])
by hercules.telkomsa.net (Postfix) with ESMTPA id 723715F8023
for ; Fri, 28 Mar 2014 10:20:12 +0200 (SAST)
Date: Fri, 28 Mar 2014 8:20:09 +0000
From: "=?windows-1251?Q?=C5=E2=F3=F1=FF_=D0=FE=EC=EE=E2=E0?="
Organization: alurhiizvn
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: x
Subject: =?windows-1251?Q?__=C7=E0=EA=EE=ED=EE=E4=E0=F2=E5=EB=FC=ED=FB=E5-=F2=F0=E5=E1=EE=E2=E0=EE=ED=E8=FF=2C=EF=EE=EA=F3=F3=EF=E0=F2=E5=EB=FF=2C=2C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
X-Verify-Sender: Address has been verified (b.mx.colocall.net)
X-Content-Filter: b.mx.colocall.net: passed
http://besorgs-deiner-mudda.de/vw/r2.php
-----------------------
Jason Kaminsky
Director of Systems Administration
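The Received chain in the complaint above can be read mechanically to see where the reported address entered the mail path. The following is an added example, not part of the original post: it finds the hop at which a given IP was the connecting client and reports the protocol keyword, where ESMTPA or ESMTPSA (RFC 3848) means the client passed SMTP AUTH. The header text is a constructed sample modelled on the complaint, with 203.0.113.10 standing in for the redacted "My-ip"; the function name is hypothetical.

```python
import re
from email.parser import HeaderParser

# Constructed sample modelled on the complaint's Received chain.
# 203.0.113.10 is a documentation address standing in for "My-ip".
SAMPLE_HEADERS = """\
Received: from as8.telkomsa.net (as.telkomsa.net [196.25.211.37])
 by b.mx.colocall.net with ESMTP id s2S8KFxJ023870;
 Fri, 28 Mar 2014 10:20:34 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
 by hercules.telkomsa.net (Postfix) with ESMTP id 33F565F800A;
 Fri, 28 Mar 2014 10:20:13 +0200 (SAST)
Received: from telkomsa.net (unknown [203.0.113.10])
 by hercules.telkomsa.net (Postfix) with ESMTPA id 723715F8023;
 Fri, 28 Mar 2014 10:20:12 +0200 (SAST)
Subject: constructed sample

"""

# "from HELO (rdns [ip]) by HOST ... with PROTO" as written by Postfix/sendmail.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]]*)\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.S,
)

def hops_for_ip(raw_headers, ip):
    """Return every Received hop where `ip` was the connecting client."""
    msg = HeaderParser().parsestr(raw_headers)
    hits = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if not m or m.group("ip") != ip:
            continue
        proto = m.group("proto").upper()
        hits.append({
            "helo": m.group("helo"),            # name the client claimed
            "rdns": m.group("rdns").strip(),    # "unknown" = no reverse DNS
            "accepted_by": m.group("by"),
            "protocol": proto,
            # RFC 3848: the "A" in ESMTPA / ESMTPSA means SMTP AUTH succeeded.
            "authenticated": proto in ("ESMTPA", "ESMTPSA"),
        })
    return hits

if __name__ == "__main__":
    for hop in hops_for_ip(SAMPLE_HEADERS, "203.0.113.10"):
        print(hop)
```

On the sample, the address shows up as an authenticated client of a third-party mail server, so the VPS's outbound SMTP connections are worth checking as well as its own mail queue.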
Comments
Your VPS has a vulnerable PHP mailer.
Review outgoing mail logs, most of the time you can find which folder the script is on, then review your files. Moving infected files to other hosts will only trigger the same issue.
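One way to find which script is sending, as an added example that is not part of the original comment: PHP's `mail.log` setting in php.ini records the file and line of every `mail()` call, and the code below ranks the calling scripts from such a log. The log lines are constructed samples, the paths are hypothetical, and treating `wp-includes/class-phpmailer.php` as the only expected WordPress sender is an assumption about a WordPress install of this era.

```python
import re
from collections import Counter

# Constructed sample in the format PHP writes when php.ini sets mail.log.
# All paths and addresses are made up for illustration.
SAMPLE_LOG = """\
[28-Mar-2014 08:19:40 UTC] mail() on [/var/www/site/wp-includes/class-phpmailer.php:592]: To: admin@example.org -- Headers: From: wordpress@example.org
[28-Mar-2014 08:20:05 UTC] mail() on [/var/www/site/wp-content/uploads/2014/03/cache.php:3]: To: a@example.net -- Headers: From: x@example.com
[28-Mar-2014 08:20:07 UTC] mail() on [/var/www/site/wp-content/uploads/2014/03/cache.php:3]: To: b@example.net -- Headers: From: y@example.com
[28-Mar-2014 08:20:09 UTC] mail() on [/var/www/site/wp-content/uploads/2014/03/cache.php:3]: To: c@example.net -- Headers: From: z@example.com
this line is not a mail.log entry and is skipped
"""

LINE_RE = re.compile(
    r"mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]: To: (?P<to>.*?) -- Headers:"
)

def rank_senders(log_text):
    """Return (script, messages, distinct recipients), busiest script first."""
    counts, rcpts = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        script = m.group("script")
        counts[script] += 1
        for addr in m.group("to").split(","):
            rcpts.setdefault(script, set()).add(addr.strip().lower())
    return [(s, n, len(rcpts[s])) for s, n in counts.most_common()]

def outside_core(ranked, expected=("/wp-includes/class-phpmailer.php",)):
    """Scripts that called mail() but are not the expected WordPress sender.

    `expected` is an assumption; adjust it to the files that legitimately
    send mail on the install being checked.
    """
    return [s for s, _, _ in ranked if not s.endswith(expected)]

if __name__ == "__main__":
    ranked = rank_senders(SAMPLE_LOG)
    for script, n, uniq in ranked:
        print(f"{n:5d} msgs  {uniq:5d} rcpts  {script}")
    print("review:", outside_core(ranked))
```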
btw, is there any automatic way to discover a PHP mailer on a VPS?
Try Linux Malware Detect
Best thing to do is backup the WP database and just reinstall everything. Reinstall any plugins/update that are absolutely needed and don't install ones less commonly used by you. Always make sure WP is up to date.
It could also be that your local mailserver allows delivery without authentication from remote IPs.
Get rid of the spamcop link @VMVPS
Also, does your WP install send as tino@ ?
Thanks @Rallias @DalComp
I have checked my log and found a lot of requests from Russian... I just deleted my script and will check it later.
@HC_Ro Yes I will follow these steps AGAIN. so sad...
I recommend https://infinitewp.com/ to keep up to date on updates etc.
You're not supposed to share SpamCop reports...
Alexander
There's nothing saying you can't.
A company I talk to got a really hard time from spamcop, because they were forwarding the reports to the end user, never mind a public forum.
Alexander
They sent an email. They have no reasonable expectation of privacy.
Do you even need an MTA on your VPS? If not then shut it down and disable it, be it exim4 or postfix.
If you really need your WordPress to send e-mails, look here: http://wordpress.org/plugins/configure-smtp/ This way you would be able to use Gmail, Mailgun or any other SMTP service to relay WordPress e-mails for you.
Also, that should go without saying - secure your VPS. Operating system first and then your web server/PHP/database components. Make sure you run recent versions of the software to avoid known vulnerabilities.
I would recommend installing http://wordpress.org/plugins/sucuri-scanner/ and scanning your installation with it. It's free.