Hey guys.
Got a little problem and maybe some of you more experienced linuxadmins can help me out.
I have a server that runs websites and is also a mailserver (postfix, dovecot, imscp). There are a lot of websites and every once in a while a wordpress site gets hacked and my server starts to send out spam, gets blacklisted and I don't want this to happen anymore, pain in the ass. I've been looking up ways of making wordpress more secure and less prone to getting hacked (htaccess stuff mostly) but I also want to have a way to monitor my postfix mail queue. When these hacks happen the server starts sending out emails like randomfirstname.randomfamilyname@oneofmydomains.tld by the truckload. I can usually track it down by looking at the apache access log of the offending website, you can usually find the php being called. Any ideas how to combat this? How do they even send the mails?
Thanks for any help in advance.
[link] [comments]