What to do if your server is used for spamming

Clara - VPS Hosting Team

Spam problems are a common issue on servers, and you may have encountered them with your VPS. To help, we've created this guide to explore potential causes and solutions for spamming.

Why Is Your Server Sending Spam?

Several factors could be causing your server to send spam:

1. Your VPS has been hacked

2. Your website has been compromised

3. Intentional spam activities

We'll focus on the first two issues and provide tips to minimize the risk of your server being used for spamming.

If Your VPS Has Been Hacked

If your VPS is used for tasks like data storage or VPN services and doesn't require mail services, follow these steps:

1. Disable Mail Services: Remove or disable mail services such as Exim, Postfix, or Sendmail.

2. Block SMTP Ports: Block ports 25, 465, and 587 using iptables or your firewall software.

3. Prevent SSH Tunnel Spam: Spammers might use SSH tunnels to send spam. Secure your server by using strong passwords, a custom SSH port, and SSH keys. Limit access to trusted individuals only.

4. Keep Software Updated: Regularly update your software and perform security checks or antivirus scans. Use a firewall to block unwanted connections and keep security logs.

If Your Website Has Been Hacked

For VPS focused on web hosting, follow these steps:

1.Scan for Malware: Use antivirus software to scan your server. Most attacks are known, and antivirus tools can detect them.

2. Update Your CMS: Ensure your Content Management System (CMS) is up-to-date to fix vulnerabilities. Set up automatic updates or check manually.

3. Use ModSecurity: If you're using Apache, install ModSecurity, a web application firewall that helps block harmful requests and prevent infections.

4. Secure Passwords: Use strong, secure passwords for your CMS and keep them private.

5.Avoid Unknown Plugins: Do not use unverified plugins that could compromise your website.

6. Restrict File Uploads: Limit the file types allowed for upload on your website.

7. Set Proper Permissions: Assign appropriate permissions to files and folders, avoiding "777" permissions.

If Spam Issues Persist

Despite efforts to prevent spam, occasional emails like confirmations or password resets might still trigger spam filters and lead to blacklisting. To improve email trustworthiness:

1. Set Up SPF and DKIM Records: Implement these DNS records for your domain to authenticate your emails.

2. Avoid Spam Keywords: Refrain from using keywords related to sales or marketing. Check resources for examples of spam-triggering words here.

3. Keep Emails Informative: Ensure emails are purely for informational purposes and not for marketing or newsletters.

Final Notes

Regularly check mail and server access logs for anomalies.
Keep your system and software up-to-date.
If blacklisted, focus on investigating and resolving the issue.

Remember: Spamming is prohibited by our Terms of Service. Review them here.