One of my DirectAdmin admin accounts was hacked into and was used to send thousands of spam emails.
DirectAdmin sent me a warning that 12000 emails had been sent.
I changed the password on the account, deleted all the files on the website in question (it was a WordPress site, so I was wondering if WordPress was hacked), and cleared all the spam that was in the mail queue, and so far it looks like the spamming has now stopped.
But I'm not sure how the account was compromised. I'm the only "user" on the server - and the account in question is not actively logged into - and I use cryptic passwords.
The only thing I can think of is possibly the WordPress install was hacked and used to send the emails via PHP?
I ran rkhunter to make sure no rootkits have been installed and it was clean.
Is there anything else I should be doing to make sure the server itself wasn't hacked?
The server in question is running CentOS 6.5, with suPHP.
Thanks for any advice!