Hi - we have to troubleshoot our Linode instance, which currently has a ToS Violation - Spam Email issue.
Running CentOS 6.2 / cPanel.
The main tasks include looking into the following steps.
- "/var/log/auth.log": for possible SSH brute force attack.
- "last": Cross reference recent account logins with the brute force attempts in "/var/log/auth.log".
- /tmp: Look into this directory for files stored in there.
- Web server logs: Check for vulnerable scripts.
- "ps aux": Check for foreign processes.
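
One way to do the cross-reference in the first two steps, as an added example that is not part of the original post: it reads an sshd log and lists source IPs that had many failed logins and also at least one accepted login. The function names, threshold and sample log lines are assumptions made for the example; on CentOS, sshd normally logs to /var/log/secure rather than /var/log/auth.log.

```shell
#!/bin/sh
# Added example: flag IPs with repeated failed SSH logins AND a successful one.

# suspicious_logins LOGFILE [THRESHOLD]   (LOGFILE may be "-" for stdin)
# Prints "ip failed_count accepted_user[,user...]" per matching IP, sorted.
suspicious_logins() {
    awk -v min="${2:-5}" '
        /sshd\[[0-9]+\]: (Failed|Accepted) (password|publickey) for / {
            ip = ""; user = ""
            for (i = 1; i < NF; i++) {
                if ($i == "from") ip = $(i + 1)
                # "for invalid user NAME" shifts the user name by two fields
                if ($i == "for") user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
            }
            if (ip == "") next
            if ($0 ~ /: Failed /)
                failed[ip]++
            else if (index("," users[ip] ",", "," user ",") == 0)
                users[ip] = (users[ip] == "" ? user : users[ip] "," user)
        }
        END {
            # Only IPs that logged in successfully are candidates.
            for (ip in users)
                if (failed[ip] >= min) print ip, failed[ip], users[ip]
        }
    ' "$1" | sort
}

# Constructed sample log (documentation IP ranges, hypothetical host "web1").
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "Mar  3 02:11:0$i web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2"
        echo "Mar  3 02:15:0$i web1 sshd[2150]: Failed password for root from 192.0.2.9 port 5151 ssh2"
        i=$((i + 1))
    done
    cat <<'EOF'
Mar  3 02:12:30 web1 sshd[2110]: Accepted password for deploy from 203.0.113.5 port 4250 ssh2
Mar  3 09:00:01 web1 sshd[3001]: Failed password for alice from 198.51.100.7 port 6000 ssh2
Mar  3 09:00:09 web1 sshd[3002]: Accepted password for alice from 198.51.100.7 port 6001 ssh2
EOF
}

# Demo on the constructed sample; on a real host pass the log path instead.
sample_log | suspicious_logins - 5
```

Any account it prints is worth comparing against "last" output for the same time window.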