How do I stop spam in my Linode?
Hi
I have received a report of Spam originating from my Linode.
So I scanned it using Clamav and it was okay.
I have enabled the ufw, checked the logs and it seems my Linode is being attacked from lots of IPs.
I want to fix the spam issue asap.
Can you give me some advice to fix these issues?
1 Reply
hphillips
Linode Staff
Spam can come from your Linode, or if you do not have DNS properly configured for your domain, someone may be able to forge email to look like it came from you.
If your system appears to have been compromised, the best advice is to rebuild it from clean sources.
The second best course of action would be to have your system audited by an organization that specializes in Linux Security. You may want to search the web for "Linux Compromise Recovery" or take a look at sandflysecurity.com or Sucuri.net.
There is no command that you can run that will magically identify all possible compromises, fix any damage done, and prevent them from happening again.
ClamAV can scan for Malicious Files that you may have downloaded or left behind by an attacker for known viruses. It will not be able to reliably detect if your system has been compromised.
Enabling the UFW can help block access to running but unused services or restrict access to trusted parties, but without knowing how the attacker gained entrance, you will never be sure that you have effectively stopped them.
The following is Linode's guide on compromise recovery:
I wish you the best in recovering your system.