As you might gather from my recent posts, I’ve been battling some spam attacks on WordPress. I’ve found a few things quite helpful:
1. Maldet is a commandline tool for linux that you can use to scan directories for malicious scripts. It doesn’t catch everything, but it’s good for a quick look. Google it for more info.
2. WordFence’s free WordPress plugin is invaluable in protecting and finding hacked files.
3. Exim (WHM’s mail service) can get overloaded with spam emails being sent out. It can actually eat up your disk space – so, if it seems like you’re suddenly running out of room on your server, ti could be that someone’s WordPress account was hacked and is sending out thousands upon thousands of emails. Aside from deleting the hacked files, etc, you’ll have to clear out the Exim message queue. There are posts online that tell you how to interact directly with exim to clear out the queue, but interacting with exim to delete a message takes a long time when you’re processing thousands of messages.
The fastest solution I found was to simply stop Exim and delete the logs and queue and start it again. Here’s the commands that worked for me:
cd /var/spool
mv exim exim.old
mkdir -p exim/input
mkdir -p exim/msglog
mkdir -p exim/db
chown -R mail:mail exim
/sbin/service exim restart
Reference: http://www.cyberciti.biz/faq/exim-remove-all-messages-from-the-mail-queue/