We have received a report of spam originating from your Linode. We ask that you investigate this matter as soon as possible to determine why mailings originating from your Linode are being marked as spam. If you were not aware that activity of this nature was originating from your Linode, it is likely that your Linode has been compromised, and you’ll want to take appropriate action.
We take the integrity of our network very seriously, and we appreciate your cooperation in investigating this activity. Please keep us updated via this ticket as you look into the issue.
If you have any questions or concerns, please let us know!
You may want to audit the following log files and writable directories:
– “/var/log/auth.log”: You may have fallen victim to an SSH brute force attack.
– “lastlog”: You can cross reference recent account logins with the brute force attempts in “/var/log/auth.log”.
– /tmp: This directory is often used by attackers to store their files in.
– Web server logs: You may have installed a vulnerable script or web application.
– “ps aux”: Check for foreign processes.
If you do find that your system has been compromised, I’d strongly suggest completely redeploying your Linode as it is often very difficult to determine the full scope of an attack. If downtime is a concern to you, the following guide will assist you with safely recovering your data and redeploying your Linode with minimal downtime:
If you do not want to spin up a new Linode as advised in the above guide, you can simply deploy a new distribution and mount your old disk images within it to copy your data over. You will first need to free up some space to deploy the new distribution. You can do this by resizing your existing disk image:
You can then deploy your new distribution and attach your old disk images to it:
– Select the “Deploy a Linux Distribution” link on your dashboard.
– Choose your desired distribution, fill in the required values, and then click on “Deploy”.
– Return to the dashboard and select your new configuration profile.
– Attach your old disk image to the drive setup of your new deployment.
– Boot into your new deployment and mount your old disk image.
– Copy your data.
Once you have redeployed your Linode, I’d also recommend implementing some of the security measures advised in our “Security Basics” guide to minimize the risks of a security breach in the future:
I hope that you have found this information helpful. Please keep us updated on your progress and findings.
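
The “/var/log/auth.log” check from the audit list above can be scripted. The following is an added example, not part of the original ticket: it flags SSH logins that succeeded after repeated failures from the same address. The log lines are constructed samples in the OpenSSH syslog format, and the function name and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Mar  3 04:11:58 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51230 ssh2
Mar  3 04:12:01 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 04:12:04 web1 sshd[1205]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 04:12:09 web1 sshd[1207]: Accepted password for root from 203.0.113.7 port 51251 ssh2
Mar  3 09:30:12 web1 sshd[2310]: Failed password for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 09:30:20 web1 sshd[2312]: Accepted publickey for deploy from 198.51.100.20 port 40030 ssh2
Mar  3 11:02:44 web1 sshd[2890]: Failed password for invalid user test from 192.0.2.99 port 60100 ssh2
Mar  3 11:02:47 web1 sshd[2892]: Failed password for invalid user guest from 192.0.2.99 port 60104 ssh2
Mar  3 11:02:50 web1 sshd[2894]: Failed password for invalid user oracle from 192.0.2.99 port 60110 ssh2
"""

# Matches sshd "Failed"/"Accepted" authentication events and captures the source IP.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def suspicious_logins(lines, threshold=3):
    """Return accepted logins preceded by >= threshold failures from the same IP."""
    failures = Counter()
    hits = []
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue  # not an sshd authentication event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A success after many failures is the pattern to cross-check with lastlog.
            hits.append({"time": m["ts"], "user": m["user"], "ip": ip,
                         "method": m["method"], "failures_before": failures[ip]})
    return hits

if __name__ == "__main__":
    for hit in suspicious_logins(SAMPLE_AUTH_LOG.splitlines()):
        print(hit)
```

To run it against a real system, pass the lines of “/var/log/auth.log” instead of the sample and compare any hits with the accounts shown by “lastlog”.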