My server is sending spam

Discussion in 'Installation/Configuration' started by WaterWave, Jul 9, 2015.

  1. WaterWave

    WaterWave New Member

    Arghh... :mad:
    Spamming came back... :confused:
    I will build a new server and transfer some websites to it since I can't find the problem. Is it a good idea?

    Since the spamming is intermittent, do you think an infected user computer could be responsible for this?
    Or since he is connecting to the mail server, I would see the mails in the logs..

    Do you offer system administration service?
    I'm thinking about hiring someone to fix the issue but I first thought of you.

    Best regards,
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    It is unlikely that a server reinstall will help here, as it is one of the sites that is causing the issue, not the server setup. As soon as you copy the existing sites to the new server, the same issues will start again.

    What you can try is to install mod_security in Apache. mod_security is an application firewall and it might prevent the attackers from getting into the websites again.

    Such an issue must be visible in the mail logs, so it is more likely that it's one of the websites.

    Yes, we offer system admin services, please see the support page on ispconfig.org for contact details.
     
  3. WaterWave

    WaterWave New Member

    I did think that moving a problematic website would just move the issue to a new server, but moving it to a better configuration (more nginx modules and firewall) would probably help me find the source of the problem.

    I'm aware that my Nginx installation is not perfect and thought I might have some better logging on the new one. And, since the current spamming server is used for email, I thought that at least the spamming website would not affect email users by becoming blacklisted or shut down by the ISP.

    I would make this first server a mail-only system until I configure a new SpamSnake based on https://www.howtoforge.com/the-perfect-spamsnake-ubuntu-jeos-12.04-lts-precise-pangolin if there's a new tutorial for 14.04. I have a feeling that moving all email users from a server to a new one will be a long and painful process.

    I will do this, but I need to do it during the night since there are people using mail and websites.
    Should I consider naxsi, or do you prefer mod_security?

    If mod_security does not fix the issue, do you want me to create a ticket on http://support.projektfarm.com/ ?


    Thank you for your help!
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    If you want to use a dedicated mail server, then better use an ISPConfig multiserver setup instead of the SpamSnake tutorial.

    mod_security is for Apache; when you use nginx, you have to use naxsi or similar software.
     
  5. WaterWave

    WaterWave New Member

    Thanks for the tips! I'll give you feedback in the next days.

    Best regards,
     
  6. WaterWave

    WaterWave New Member

    As promised, here's a follow-up on the spamming issue.
    Spamming only came back 2 times since the removal of the form using formmail.pl on July 10. I also did all the latest updates for WordPress plugins on hosted websites, so I'm not 100% confident saying that the issue was caused by the formmail. But that report below still satisfies me. I'll keep an eye on this.
    [​IMG]

    I configured a new server with naxsi and a better Nginx build. I also plan on upgrading the Nginx on the problematic server to allow real_ip from Varnish.
    I'll report any future update of this thread.
    Best regards,
     
