This article provides instruction on prevening email spamming from your hosting account or from your server:
If you are a shared hosting customer & do not have server access, you can do following things to prevent spamming & tighten up your account / files security.
1) Application:
1. Always remember to update & upgrade your website applications such as WordPress, Joomla, Drupal etc. You can enable auto-update to save your time & energy. However, this may cause your website custom styling such as css edits or custom html codes or other paths. Hence, make sure you use custom css & custom directory structure for manual embedding system. Make sure you have a backup of your files & databases.
2. Remove un-wanted email addresses or FTP accounts if you have any. Also, make sure you have strong password with the combination of:
i) An uppercase letter
ii) A lowercase letter
iii) A special charecter
iv) A number
Example: ^sI1a5)sZaK# [such passwords cannot be guessed]
Note: Make sure to use different passwords for each website / applications so even if one of your website password is compromised, the rest stay secure.
3. Make sure you have proper directory & file permissions when you are on Linux Server Environment. Only temp & upload directories will have full permissions, other than these, you must have 755 for directories & 644 for files & specially 444 for configuration file which is mostly used as read-only file. Also, note that, you can keep your private data or uploadable/writable directories beyond your public folder [public_html/htdocs] & call them via application as required. This provides highest security to your data.
4. Prevent your file structures or directory structures crawled in search engines. You can setup robots.txt or use htaccess rules to prevent un-wanted traffic from bots/bad-users etc. Browse our Knowledgebase for more deatils about htaccess tools & usage.
5. We provide complete access log for your website. You can lookout for IPs, files that was accessed on your hosting account, so you can block the IP or secure/remove if the file is not being used in the website.
If you are a Server Administrator, you can do a lot of things to prevent spamming on your server:
1. Force update/upgrade your applications & files. You can use command-line interface to upgrade applications now a days.
2. Write shell scripts to gather daily traffic & files to monitor your server.
3. Block IPs using htaccess or ip table commands.
4. find files that are executables using find command & change them as needed.
5. Use clamAV to scan daily & get report via email.
6. If you are using cPanel, limit mail per hour & sending emails as nobody or server hostnames.
7. Use mod_security rules to prevent un-wanted traffic to your website.
8. Make sure you have the best security to your webserver, database server & ftp servers.
If you need any help / advice on your VPS or shared hosting with us, please do contact us & we will be glad to help you.
