The IP address of my dedicated Linux server keeps getting blacklisted by the CBL.
I have tried searching the log files but I can't see how/if the server is actually infected with malware.
The CBL gives the following reason for the blacklisting:
"This IP is sending email in such a way to indicate that it is, or is NATting for a web server that is infected with a spam sending script, like Darkmailer, DirectMailer, r57shell, or some analogous Perl, PHP or CGI script."
I am looking for a Linux expert who is experienced at looking at log files and port activity to find the source of the infection and remove it.
My server doesn't have a GUI (e.g. Plesk) and so is accessed by SSH command line only.
The server runs Magento and two installations of WordPress. Hence the ideal person would be familiar with these two pieces of software, to ensure that any investigation work undertaken doesn't disrupt the actual server working.
In terms of action already taken, I was mostly worried about WordPress vulnerabilities. Hence I have installed the premium version of WordFence to protect the WordPress installations. I have also deleted all blog comments and prevented future blog comments in case this was allowing some kind of malicious injection.
I have set up an SPF record to identify the IP address as being able to send emails on behalf of my domain name. I have also set up the server hostname and reverse DNS. However, I realise this doesn't address the malware issue.
I have tried to look at the server logs but I can't see much activity on port 25. However, I am aware that some malware can bypass the logs, so this doesn't catch everything. I also ran [url removed, login to view] but this flagged up lots of jpg files which in fact were not corrupted at all, and so it doesn't really help find the cause of the issue.
If you are interested please give me an idea of your experience in fixing this kind of issue, as really I would like to pay the price for an expert rather than an enthusiastic learner.
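The CBL wording above describes a web script that speaks SMTP straight to remote mail servers, which is exactly the traffic that never shows up in the local MTA's mail log, so a log search on port 25 can come up empty. One check that does catch it is the live socket table: any outbound connection to port 25/465/587 owned by something other than the mail daemon. This is an added example, not part of the job post or of any bidder's work; the `ALLOWED_MTA` process names and the sample `ss -tnp` lines are constructed assumptions.

```shell
#!/bin/sh
# Flag processes holding outbound SMTP connections that are not the host's
# own mailer. Input is in the format of `ss -tnp` (Linux iproute2):
#   State Recv-Q Send-Q Local:Port Peer:Port Process
#
# ALLOWED_MTA is an assumption: process names of the legitimate mail
# daemon(s) on this server. Adjust it to what the host actually runs.
ALLOWED_MTA='^(master|smtp|smtpd|exim4?|sendmail)$'

# flag_direct_smtp: read ss -tnp lines on stdin; print "<pid> <process> <peer>"
# for every ESTAB connection to remote port 25/465/587 whose owner is not
# an allowed MTA (e.g. php-fpm, perl, python talking to a remote MX).
flag_direct_smtp() {
  awk -v allowed="$ALLOWED_MTA" '
    $1 == "ESTAB" {
      peer = $5
      n = split(peer, parts, ":")          # last field is the port, IPv6-safe
      port = parts[n]
      if (port != 25 && port != 465 && port != 587) next
      # Process column looks like users:(("php-fpm7.4",pid=2231,fd=9))
      if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
        s = substr($0, RSTART + 3, RLENGTH - 3)   # php-fpm7.4",pid=2231
        split(s, kv, "\",pid=")
        name = kv[1]; pid = kv[2]
        if (name ~ allowed) next
        print pid, name, peer
      }
    }'
}

# scan_live: run against the real socket table (root needed to see every
# process). Not executed in the demo below.
scan_live() { ss -tnp | flag_direct_smtp; }

# Constructed sample of ss -tnp output: one postfix delivery (legitimate),
# a web worker and a perl process sending mail directly, and an HTTPS client.
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 203.0.113.10:44122 198.51.100.5:25 users:(("php-fpm7.4",pid=2231,fd=9))
ESTAB 0 0 203.0.113.10:51704 198.51.100.77:25 users:(("smtp",pid=1012,fd=6))
ESTAB 0 0 203.0.113.10:443 192.0.2.33:50190 users:(("nginx",pid=880,fd=14))
ESTAB 0 0 203.0.113.10:36644 198.51.100.9:587 users:(("perl",pid=4471,fd=3))'

printf '%s\n' "$SAMPLE" | flag_direct_smtp
```

A hit from a `php-fpm`, `apache2` or `perl` PID points at the web tree; `ls -l /proc/<pid>/cwd` and `/proc/<pid>/fd` then show which site and file the script was started from.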
Hello, give me 30 minutes and a shell, and I will tell you exactly what's going on. I'll also clean up vulnerabilities and will do my best to analyse where it comes from and how to defend.