I run a blog on WordPress. Recently I received an abuse complaint from the server, which when verified returned this:
============================================================
Received: from [18.104.22.168] by usfamily.net (USFamily MTA v5/:PG5vcm1hX2NoYW1iZXJzQG1yaW5hbHB1cm9oaXQuY29tPjxkamtpbm5leUB1c2ZhbWlseS5uZXQ_) with SMTP id <20140301115044001084500013> for <email@example.com>; Sat, 01 Mar 2014 11:50:44 -0600 (CST) (envelope-from firstname.lastname@example.org, notifiable emailnetwork 192.241.188.)
Received: by myprimarydomain.com (Postfix, from userid 498) id 1C5EE1305AE; Sat, 1 Mar 2014 17:12:39 +0000 (UTC)
To: email@example.com
Subject: FW: Good day
X-PHP-Originating-Script: 498:sslnEn.php
From: "Norma Chambers" <firstname.lastname@example.org>
Reply-To: "Norma Chambers" <email@example.com>
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Message-Id: <20140301171239.1C5EE1305AE@myblog.com>
Date: Sat, 1 Mar 2014 17:12:39 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable

<div> <p> Top Meds Website good deal <a href=3D"http://dumantarim.com/modules/mod_= araticlhess/rlf.html">http://dumantarim.com/modules/mod_araticlhess/rlf.h= tml</a> </p> </div>
============================================================
Now I assumed that it meant this:
Several unsolicited emails were sent from the ID firstname.lastname@example.org. If my assumption is correct, this email ID should have existed on the VPS AND the user had access to the email account to send mails. Does it really mean that my server (VPS) was hacked?
Am I on the correct path to trace this problem? Please shed some light.
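Added example, not part of the question above or of any answer to it: a small Python script that pulls out of the quoted header block the fields a responder checks first when tracing where a message like this was generated. It uses only the standard library and the header text from the question (the addresses are the redacted example.com / example.org placeholders shown there). The interpretations in the comments are general facts about Postfix and PHP, not something the question states: a Postfix `Received: ... (Postfix, from userid N)` header records a message handed to the local `sendmail` binary by a local process running as uid N, and `X-PHP-Originating-Script: uid:script` is added by PHP itself when `mail.add_x_header` is enabled, naming the script that called `mail()`. The `next_steps` commands are assumptions about what to run on the box, not steps the question describes.

```python
"""Triage the header block from an abuse report to find where the mail originated.

Added example (not the original poster's code). Parses the headers quoted in
the question with the standard library only.
"""
import email
import re
from email.utils import parseaddr

# Constructed sample: the header block quoted in the question, line-broken as a
# normal RFC 5322 header, with the HTML body reduced to a placeholder.
SAMPLE_MESSAGE = """\
Received: from [18.104.22.168] by usfamily.net (USFamily MTA v5/:PG5vcm1hX2NoYW1iZXJzQG1yaW5hbHB1cm9oaXQuY29tPjxkamtpbm5leUB1c2ZhbWlseS5uZXQ_) with SMTP id <20140301115044001084500013> for <email@example.com>; Sat, 01 Mar 2014 11:50:44 -0600 (CST) (envelope-from firstname.lastname@example.org, notifiable emailnetwork 192.241.188.)
Received: by myprimarydomain.com (Postfix, from userid 498) id 1C5EE1305AE; Sat, 1 Mar 2014 17:12:39 +0000 (UTC)
To: email@example.com
Subject: FW: Good day
X-PHP-Originating-Script: 498:sslnEn.php
From: "Norma Chambers" <firstname.lastname@example.org>
Reply-To: "Norma Chambers" <email@example.com>
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Message-Id: <20140301171239.1C5EE1305AE@myblog.com>
Date: Sat, 1 Mar 2014 17:12:39 +0000 (UTC)
Content-Transfer-Encoding: quoted-printable

<div> <p> Top Meds Website good deal </p> </div>
"""

# Postfix writes this form when a local process pipes mail into its sendmail
# binary: no SMTP client, no authenticated account, just a local uid.
POSTFIX_LOCAL = re.compile(r"by (?P<host>\S+) \(Postfix, from userid (?P<uid>\d+)\)")
# PHP (mail.add_x_header=On) stamps "uid:script" on every mail() call.
PHP_ORIGIN = re.compile(r"^(?P<uid>\d+):(?P<script>.+)$")


def triage(raw):
    """Return the indicators relevant to locating the sender of RAW."""
    msg = email.message_from_string(raw)
    findings = {"injected_locally": False}

    # Received headers are prepended by each hop, so the LAST one in the
    # header block is the earliest hop: where the message entered the mail system.
    received = msg.get_all("Received", [])
    first_hop = received[-1] if received else ""
    m = POSTFIX_LOCAL.search(first_hop)
    if m:
        findings["injected_locally"] = True
        findings["first_hop_host"] = m.group("host")
        findings["local_uid"] = int(m.group("uid"))

    x = (msg.get("X-PHP-Originating-Script") or "").strip()
    m = PHP_ORIGIN.match(x)
    if m:
        findings["php_uid"] = int(m.group("uid"))
        findings["php_script"] = m.group("script")
        # Same uid in both headers: the PHP script and the local submission agree.
        findings["uids_match"] = findings.get("local_uid") == findings["php_uid"]

    # Spam mailers commonly forge From: and point Reply-To: elsewhere.
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    findings["from_addr"] = from_addr
    findings["reply_to_differs"] = bool(reply_to) and reply_to.lower() != from_addr.lower()

    # The Message-Id domain is set by the generating MTA, not by the From: address.
    findings["message_id_domain"] = msg.get("Message-Id", "").rsplit("@", 1)[-1].rstrip(">")
    return findings


def next_steps(findings):
    """Shell commands (assumed, not from the question) to run on the server next."""
    cmds = []
    if findings.get("php_script"):
        cmds.append("find / -xdev -name '%s' 2>/dev/null" % findings["php_script"])
    if findings.get("local_uid") is not None:
        cmds.append("getent passwd %d" % findings["local_uid"])  # which account uid 498 is
    if findings.get("from_addr"):
        cmds.append("grep -r '%s' /var/log/mail.log" % findings["from_addr"])
    return cmds


if __name__ == "__main__":
    result = triage(SAMPLE_MESSAGE)
    for key, value in sorted(result.items()):
        print("%-20s %s" % (key, value))
    print("\nNext:")
    for cmd in next_steps(result):
        print("  " + cmd)
```

On the quoted message this reports `injected_locally` true with uid 498 on `myprimarydomain.com`, the same uid in the PHP header with script `sslnEn.php`, a `Reply-To:` that differs from `From:`, and a Message-Id minted at `myblog.com`; the `next_steps` output is where a responder would start looking on the box.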