Hi friends of Virtuamin, i guess my server is hacked, in the Postfix Queue i can find some messages like this:
Mail headers View all headers
From Custom 2 <custom2@example.com>
To =?utf-8?B?aGVsbG8=?= <hello@example.com>
Date Tue, 18 Dec 2012 05:51:45 +0000
Subject =?utf-8?B?Rm9ybXVsYXJpbyBkZSBDb250YWN0bw==?=
Message text
Nombre: Anelfinia
E-mail: user@gmail.com
Telefono: 123456
Comentario: viagra without prescription
- viagra without prescription
, cheap viagra
What do you think I should do? Have this happened to anyone? Thanks.
You might want to check your mail log which local user delivered those emails. On Debian, the mail log is in /var/log/mail.log. Most of the time, a compromised web software is used to send out spam. If you're using FCGId, each virtual server should run as their own user.
You can use the software "LMD" (Linux Malware Detect) to scan for malicious web scripts in your /homes.