openVZ VPS spam

Question

i have an openvz vps,, and i use to run only openvpn server.. but one day, my datacenter told me they suspended my vps because it was sending spam? well im not using smtp or stuff on my vps, its just plain VPN server.. now can u provide me ways on how to block spam,,

1st. i dont need smtp service, you can remove it, but how pls help 2nd. i also dont need httpd/apache, does httpd helps sending spams? thanks guyz.

3rd what port should i block? how do we block ports using iptables?

Answer 1

You really need to get more details from your hosting provider about how the spams were sent. A list of the services running on your machine would be helpful too. A few possibilities:

• You might be running an SMTP server without knowing it. To deactivate it, uninstall whatever package is acting as an SMTP server (popular options are postfix, exim, sendmail, qmail).
• If you don't need a HTTP server, definitely uninstall it. By default it shouldn't allow the relaying of spam, but a dud config or script could definitely open up that as a vulnerability point, and not running a webserver at all fixes the problem permanently.
• Depending on your VPN, if it's been broken somehow that could be used as a source of spam relaying, but unless it's really, really bad, I wouldn't think it particularly likely.
• I'd say the most likely option, in general, is that an account on your server has a weak password, and it's been brute-forced and there's some malware running on the machine that's relaying the spam. This is a real big problem, as it could do more than just spam (act as part of a DDoS botnet, for instance). I'd be inclined to blow the machine away and start again if this is any sort of a possibility. Avoid the risk by using SSH keys for all access to the server.