Got a bit of a dilemma, I just recently discovered my VPS was sending spam, this was brought to my attention by my hosting company. And sure enough I went to check the mail queue log in my control panel, I'm using plesk btw, and it failed to open a sure sign that someone has hacked us and is sending spam.
Unfortunately, the tech support is non existent, or very unhelpful I should say which is fair enough. The only clues I have is that I have the so called username, and the name of the script that appears to be sending it from.
The script is called config.php, and as far as I can see the only file on my server containing config.php is a codeigniter file.
I've changed my VPN root password, I've changed the ftp passwords they are very strong 20 random alpha numeric characters. I've deleted all the files on one website that the spam header appeared to come from.
Now I don't even use the servers mail service to send emails, I always use gmail. So I was thinking why can't I just turn off sendmail and qmail, which appears to be what my server uses.
I'm really confused on how to start debugging this. Obviously, this is high priority, our hosting has threatened to shut us down if we don't rectify this soon, and I don't want to get blacklisted.
Has anyone had any experience dealing with this sort of thing?