How to prevent your VPS being used for spam
This article applies to 123 Reg servers running Plesk.
This article will explain how you can prevent your VPS being affected by spam.
Server security issues come in two main types:
- Where the server is compromised giving attackers have full control of the server.
- Where individual websites on the server have been compromised.
Scripts running in a website normally only have access to the account they are running in, this means if an account is hacked attackers can't alter other sites running on the server or make changes to the underlying server configuration.
This second type of hack results from attackers exploiting the code of a website. Detecting the comprised sites is also difficult as typically attackers will insert redirects into a site to an external server that contains the actual malware, redirects could be a legitimate part of the site. Similarly spam sending scripts are hard to differentiate from legitimate email scripts.
It could be someone else sending spam claiming to be from your server, it could be a local PC infected but configured to use your server for outgoing mail.
Check if your accounts have weak passwords. Spammers will typically connect to a server and try a few hundred common passwords before moving on. These may well include passwords that are the same as the username and domain name. They will also include common obfuscations of the word password.
Attackers will always make login attempts using either the full email address as the username or just common names. You should always have passwords with upper and lower case letter, numbers and symbols.
Spam Assassin is available as part of the Plesk Power Pack and once installed can be found by going to the Settings > Server Components > psa-spamassassin.
Spam Assassin can be set globally or per domain.
Kasperskey AV is our premium antivirus. It does not just prevent Spam. It also protects against trojans, worms and other malware/viruses which commonly come in through contaminated emails.
Please note: You can purchase Plesk Power Pack from the Manage VPS section of your 123 Reg user control panel.
Implement an SPF record
Adding an SPF record prevents other servers from sending mail claiming to be from your domains. If adding an SPF record reduced spam then the issue was external and nothing to do with your server.
An SPF record allows you to specify IP addresses that are legitimately allowed to send email for your domain name. The purpose being to stop spammers trying to use your domain name. You can generate an SPF record for your site here:
Set a Hostname
Configure a hostname via your server control panel or root access i.e mail.domain.com within the /etc/hostname file. This is done in the server settings area.
Set a SMTP Banner
Ensure the SMTP banner matches the hostname, if you are unsure about how to setup this please raise a support ticket using the Ask a Question link above. Please ensure you provide them the hostname for your server.
Setup Reverse DNS/PTR
Implement a "Reverse DNS/PTR" record for your IP address to match the above. i.e mail.domain.com, if you are unsure about how to setup this please raise a support ticket using the Ask a Question link above. Please ensure you provide them the hostname for your server.
Blocking an email address or an IP address
By looking in the mail queue in Plesk or cPanel you can find the email address that is being used, you can then add this email address to your blacklist.
You can find IP addresses in the /usr/local/psa/var/log/maillog or in var/qmail/queue/mess in Plesk you can add these to the firewall rules to block them.
The IP can be found by looking in the email headers in var/qmail/queue/mess in plesk or in the mail queue in cPanel.