Is my server sending spam?

I have a FreeBSD server and according to Yahoo, it's sending spam:

http://cbl.abuseat.org/lookup.cgi?ip=216.55.161.147

Can someone help me look into this?  I have root access but not sure what to look for.
hrolsonsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
That IP is hosting multiple domains, I assume you manage the whole server?
Could be any of those domains that have been hacked, if any of them are running Wordpress, Drupal etc

You are only listed on one DB so it could be just Yahoo having a hissy fit
0
GaryCommented:
And the offending website seems to be
blueapplehouses.com
0
hrolsonsAuthor Commented:
Yes, I manage the whole server.  blueapplehouses.com just completed a transition to Wordpress from a paid web developer.  How can I look deeper into the problem and hopefully eradicate it.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

GaryCommented:
Check the index pages for any base64 code.
0
hrolsonsAuthor Commented:
due to .htaccess none of the index pages are available.  Everything forwards to www.blueappleproperties.com, which is the WordPress site that Dex made.
0
GaryCommented:
Uh?
0
R_EdwardsCommented:
Hrolsons,
     What Gary is trying to explain is to look at your index.php files and find a string that looks like the following:


<?php eval(base64 decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCPC9pZnJhbWU+PC9kaXY+JzsNCn0='));
the real code will be much longer.

in a nutshell your index.php files were modified by a virus or someone being malicious


/r
-= Richard
0
hrolsonsAuthor Commented:
I don't have any index.php file in the base directory.
0
GaryCommented:
There must be an index.php file in the WP root directory - if there wasn't it wouldn't work
0
hrolsonsAuthor Commented:
That file must be on the server that is redirected to, which I don't have access to.  I control blueapplehouses.com but in the .htaccess:

RewriteCond %{REQUEST_URI} !^/Intranet
RewriteCond %{REQUEST_FILENAME} .*\.html$
RewriteRule . http://blueappleproperties.com [L]

Open in new window


It sends users on to blueappleproperties.com, which I don't control.
0
GaryCommented:
It may not be that site, it was just an educated guess.

Check through your mail logs, see if you can identify any spam.
It could be that you have an open relay, if so you need to clamp down on your security and require authorisation for all email.
You can test for open relay's here
http://www.dnsgoodies.com/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hrolsonsAuthor Commented:
I ran 216.55.161.147 and blueapplehouses.com through the open relay check on the site you suggested and it was clean.

I can't figure out why Yahoo is rejecting mail from the server.
0
GaryCommented:
Check the other sites on the server as well
0
serialbandCommented:
It' possible that you didn't spam and yahoo filters went overboard.

Yahoo will sometimes block you even if you're not sending spam.  If you have a legitimate mailing list and it got sent out a little too quickly, yahoo will block you.  Even if you've done the throttling to not trigger yahoo right now, yahoo may someday just decide that you're still spamming, even after you've called them before and verified with them about the mailman mailing lists that people must manually sign up for and verify.  They're the only large company that causes problems for legitimate mailers.
0
Dirk MareSystems Engineer (Acting IT Manager)Commented:
Another site to test if your mail server is an open relay.
www.mxtoolbox.com

DirkMare
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.