I run a blog on wordpress. Recently I received a abuse complaints from the server which when verified returned this:
============================================================
Received: from [192.241.188.154] by usfamily.net
(USFamily MTA v5/:PG5vcm1hX2NoYW1iZXJzQG1yaW5hbHB1cm9oaXQuY29tPjxkamtpbm5leUB1c2ZhbWlseS5uZXQ_)
with SMTP id <20140301115044001084500013> for <djkinney@usfamily.net>;
Sat, 01 Mar 2014 11:50:44 -0600 (CST)
(envelope-from norma_chambers@myblog.com, notifiable emailnetwork 192.241.188.)
Received: by myprimarydomain.com (Postfix, from userid 498)
id 1C5EE1305AE; Sat, 1 Mar 2014 17:12:39 +0000 (UTC)
To: djkinney@usfamily.net
Subject: FW: Good day
X-PHP-Originating-Script: 498:sslnEn.php
From: "Norma Chambers" <norma_chambers@myblog.com>
Reply-To: "Norma Chambers" <norma_chambers@myblog.com>
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Message-Id: <20140301171239.1C5EE1305AE@myblog.com>
Date: Sat, 1 Mar 2014 17:12:39 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable
<div>
<p>
Top Meds Website good deal <a href=3D"http://dumantarim.com/modules/mod_=
araticlhess/rlf.html">http://dumantarim.com/modules/mod_araticlhess/rlf.h=
tml</a>
</p>
</div>
============================================================
Now I assumed that it meant this:
Several unsolicited emails were sent from the id norma_chambers@myblog.com. If my assumption is correct, this email id should have existed on the VPS AND user had access to the email account to send mails. Does it really means that my server (VPS) was hacked?
Am I on the correct path to trace this problem? Please shed some light.
Not so much an answer as a workaround that helped me. By simply changing the directory path for wordpress from wordpress to dennis fixed 99% of these problems. It would appear that most of these attacks are based on default names and paths.