Need help to solve the "Abuse Complaint"

I am running one site with WordPress, but it seems that it can't get rid of the "Spam complaint". I have used Ramnode for some time and it shut down my server for this reason several times (I am not complaining). And this time, URPad tells me about this kind of complaint again.

My WordPress and plugins have been updated to the latest version.
I have just changed my admin password AGAIN.
I have browsed my template so that there is no backdoor code.

What else can I do? Need suggestions...

We have received the following spam complaint originating from your VPS. Please resolve this issue as soon as possible.

[ SpamCop V4.8.1.007 ]
This message is brief for your comfort. Please use links below for details.

Email from My-ip / Fri, 28 Mar 2014 10:20:12 +0200
http://www.spamcop.net/w3m?i=z6105225295z99ec1371d974b6f1fe0bb7cc87460d9cz
My-ip is open proxy, see: http://www.spamcop.net/mky-proxies.html

[ Offending message ]
Return-Path: 
Received: from b.mx.colocall.net (b.mx.colocall.net [62.149.2.57])
by colocall.net with ESMTP id s2S8KZJO086543
for ; Fri, 28 Mar 2014 10:20:35 +0200 (EET)
(envelope-from [email protected])
Received: from as8.telkomsa.net (as.telkomsa.net [196.25.211.37])
by b.mx.colocall.net with ESMTP id s2S8KFxJ023870
for ; Fri, 28 Mar 2014 10:20:34 +0200 (EET)
(envelope-from [email protected])
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98.1 at mars.colocall.net
X-SPAM-Check-IP: 196.25.211.37
X-SPAM-Filters: 
Received: from unknown (HELO hercules.telkomsa.net) ([192.168.111.126])
by as8.telkomsa.net with ESMTP; 28 Mar 2014 09:58:47 +0200
Received: from localhost (localhost [127.0.0.1])
by hercules.telkomsa.net (Postfix) with ESMTP id 33F565F800A
for ; Fri, 28 Mar 2014 10:20:13 +0200 (SAST)
X-Virus-Scanned: amavisd-new at hercules.telkomsa.net
Received: from hercules.telkomsa.net ([127.0.0.1])
by localhost (hercules.telkomsa.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Xf18q9-UWHlG for ;
Fri, 28 Mar 2014 10:20:13 +0200 (SAST)
Received: from telkomsa.net (unknown [My-ip])
by hercules.telkomsa.net (Postfix) with ESMTPA id 723715F8023
for ; Fri, 28 Mar 2014 10:20:12 +0200 (SAST)
Date: Fri, 28 Mar 2014 8:20:09 +0000
From: "=?windows-1251?Q?=C5=E2=F3=F1=FF_=D0=FE=EC=EE=E2=E0?=" 
Organization: alurhiizvn
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
To: x
Subject: =?windows-1251?Q?__=C7=E0=EA=EE=ED=EE=E4=E0=F2=E5=EB=FC=ED=FB=E5-=F2=F0=E5=E1=EE=E2=E0=EE=ED=E8=FF=2C=EF=EE=EA=F3=F3=EF=E0=F2=E5=EB=FF=2C=2C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
X-Verify-Sender: Address has been verified (b.mx.colocall.net)
X-Content-Filter: b.mx.colocall.net: passed

http://besorgs-deiner-mudda.de/vw/r2.php

-----------------------
Jason Kaminsky
Director of Systems Administration
VMVPS - VPS coupons and reviews for Chinese visitors.
Donation, Banners buying and Offers posting, contact: admin#vmvps.com (Change # to @)
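
The complaint's `Received:` chain can be read mechanically to see which server recorded the VPS address and how the message was handed over. This is an added example, not part of the original post; the sample reuses three hops from the complaint, tidied for parsing, with the redacted "My-ip" replaced by the documentation address 203.0.113.10 (an assumption).

```python
import re

# Constructed sample: three hops from the complaint above, tidied, with the
# redacted "My-ip" replaced by a documentation address (203.0.113.10), which
# is an assumption made for this example.
REPORTED_IP = "203.0.113.10"
RAW_HEADERS = """\
Received: from as8.telkomsa.net (as.telkomsa.net [196.25.211.37])
\tby b.mx.colocall.net with ESMTP id s2S8KFxJ023870;
\tFri, 28 Mar 2014 10:20:34 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
\tby hercules.telkomsa.net (Postfix) with ESMTP id 33F565F800A;
\tFri, 28 Mar 2014 10:20:13 +0200 (SAST)
Received: from telkomsa.net (unknown [203.0.113.10])
\tby hercules.telkomsa.net (Postfix) with ESMTPA id 723715F8023;
\tFri, 28 Mar 2014 10:20:12 +0200 (SAST)
X-Priority: 3 (Normal)
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+"
    r"by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)", re.S)

def received_hops(raw):
    """Unfold headers and return one dict per Received line, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    hops = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = HOP.search(line)
            if m:
                hops.append(m.groupdict())
    return hops

def hop_for_ip(raw, ip):
    """Return the hop whose connecting client address equals ip, or None."""
    for hop in received_hops(raw):
        if hop["ip"] == ip:
            return hop
    return None

def is_authenticated(hop):
    """RFC 3848: ESMTPA / ESMTPSA mean the client used SMTP AUTH."""
    return hop["proto"].upper() in {"ESMTPA", "ESMTPSA"}

if __name__ == "__main__":
    hop = hop_for_ip(RAW_HEADERS, REPORTED_IP)
    print(hop, "authenticated:", is_authenticated(hop))
```

In a `Received:` line the bracketed address is the client that connected to the `by` server, so a hop logged with `ESMTPA` means the reported address opened an authenticated SMTP session to that server. Mail sent that way does not pass through the VPS's own MTA queue, so outbound SMTP connections from the VPS are worth checking alongside the local mail log.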

Comments

  • Rallias Member, Provider

    Your VPS has a vulnerable PHP mailer.

  • Review outgoing mail logs; most of the time you can find which folder the script is in, then review your files. Moving infected files to other hosts will only trigger the same issue.

    I'm here to collect your heart
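
One way to do the log review described in the comment above, as an added example that is not part of the original thread. It assumes Exim is the local MTA with argument logging enabled, so that each local submission is logged with the caller's working directory (`cwd=`); the log lines, paths and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape Exim writes to its main log when
# argument logging is enabled (assumption: Exim is the local MTA; paths,
# message ids and timestamps are made up for this example).
SAMPLE_LOG = """\
2014-03-28 08:20:01 cwd=/var/spool/exim4 3 args: /usr/sbin/exim4 -Mc 1WTxyz-0001Ab-2C
2014-03-28 08:20:09 cwd=/var/www/blog/wp-content/uploads/2014/03 3 args: /usr/sbin/sendmail -t -i
2014-03-28 08:20:10 cwd=/var/www/blog/wp-content/uploads/2014/03 3 args: /usr/sbin/sendmail -t -i
2014-03-28 08:20:12 cwd=/var/www/blog/wp-content/uploads/2014/03 3 args: /usr/sbin/sendmail -t -i
2014-03-28 08:25:40 cwd=/var/www/blog/wp-admin 4 args: /usr/sbin/sendmail -t -i -fwordpress@example.org
2014-03-28 08:30:00 cwd=/ 2 args: /usr/sbin/exim4 -q
"""

CWD_LINE = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: (?P<args>.*)$")
# Directories that hold uploaded or temporary data, not mail-sending code.
UNEXPECTED = ("/wp-content/uploads", "/wp-content/cache", "/tmp")

def submissions_by_dir(log_text):
    """Count local sendmail-style submissions per working directory."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CWD_LINE.match(line)
        if not m:
            continue
        # Skip the MTA's own queue runs and deliveries.
        if "sendmail" not in m["args"]:
            continue
        counts[m["cwd"]] += 1
    return counts

def suspicious_dirs(counts):
    """Directories that submitted mail but normally hold no code at all."""
    return sorted(d for d in counts if any(u in d for u in UNEXPECTED))

if __name__ == "__main__":
    counts = submissions_by_dir(SAMPLE_LOG)
    for directory, n in counts.most_common():
        print(f"{n:5d}  {directory}")
    print("review first:", suspicious_dirs(counts))
```

Postfix does not log the caller's directory; there, PHP's `mail.log` ini setting records which script called `mail()` and can be tallied the same way.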

  • btw, is there any automatic way to discover a PHP mailer on vps ?

  • @arieonline said:
    btw, is there any automatic way to discover a PHP mailer on vps ?

    Try Linux Malware Detect


  • HC_Ro Member
    edited March 2014

    Best thing to do is backup the WP database and just reinstall everything. Reinstall any plugins/update that are absolutely needed and don't install ones less commonly used by you. Always make sure WP is up to date.

  • mikho Member, Provider

    It could also be that your local mail server allows delivery without authentication from remote IPs.

    I can now be found at https://talk.lowendspirit.com
    or on twitter
    Come say HI! :)
  • Get rid of the spamcop link @VMVPS

    Also, does your WP install send as [email protected] ?

  • VMVPS Member

    Thanks @Rallias @DalComp

    I have checked my log and found a lot of requests from Russian... I just deleted my script and will check it later.

    @HC_Ro Yes I will follow these steps AGAIN. so sad...

  • HC_Ro Member

    VMVPS said: Yes I will follow these steps AGAIN. so sad...

    I recommend https://infinitewp.com/ to keep up to date on updates etc.

  • AlexanderM Top Provider

    You're not supposed to share SpamCop reports...

    Alexander

    HostUS | OpenVZ & KVM VPS in 10 worldwide locations with our own Breeze Panel!
    AS7489 | View our network | LIR Services - IPv4, IPv6, ASN | Latest Special Offers!

  • Rallias Member, Provider

    AlexanderM said: You're not supposed to share SpamCop reports...

    There's nothing saying you can't.

  • AlexanderM Top Provider

    @Rallias said:
    There's nothing saying you can't.

    A company I talk to got a really hard time from spamcop, because they were forwarding the reports to the end user, never mind a public forum.


  • Rallias Member, Provider

    AlexanderM said: A company I talk to got a really hard time from spamcop, because they were forwarding the reports to the end user, never mind a public forum.

    They sent an email. They have no reasonable expectation of privacy.

  • lewekleonek Member
    edited March 2014

    Do you even need an MTA on your VPS? If not, then shut it down and disable it, be it exim4 or postfix.
    If you really need your WordPress to send e-mails, look here: http://wordpress.org/plugins/configure-smtp/ This way you would be able to use Gmail, Mailgun or any other SMTP service to relay WordPress e-mails for you.

    Also, that should go without saying - secure your VPS. Operating system first and then your web server/PHP/database components. Make sure you run recent versions of the software to avoid known vulnerabilities.
    I would recommend installing http://wordpress.org/plugins/sucuri-scanner/ and scanning your installation with it. It's free.
