View Single Post
  #1  
Old 20th June 2009, 00:29
danielborene danielborene is offline
Junior Member
 
Join Date: Jun 2009
Posts: 24
Thanks: 7
Thanked 2 Times in 1 Post
Default Server Security / email and ftp

Hello,
I have couple of questions on how to improve security of server...
I've been looking the logs shown inside of ISPConfig, and I noticed under System-Log a bunch of people connecting to my FTP Server trying to figure out password of administrator account..
here is the message i get on the log.

Jun 19 17:46:48 server pure-ftpd: (?@61.152.159.231) [WARNING] Authentication failed for user [Administrator]
Jun 19 17:47:04 server pure-ftpd: (?@61.152.159.231) [INFO] PAM_RHOST enabled. Getting the peer address
Jun 19 17:47:17 server pure-ftpd: (?@61.152.159.231) [INFO] New connection from 61.152.159.231
Jun 19 17:47:17 server pure-ftpd: (?@61.152.159.231) [INFO] PAM_RHOST enabled. Getting the peer address
Jun 19 17:47:24 server pure-ftpd: (?@61.152.159.231) [WARNING] Authentication failed for user [Administrator]
Jun 19 17:47:28 server pure-ftpd: (?@61.152.159.231) [INFO] PAM_RHOST enabled. Getting the peer address

Is there a way I can make it more secure, if somebody tries to authenticate 3 times the system block the connection from that ip adress for a determined amount of time..??

The second question is...
On ISPCOnfig under Mail Warn-Log, looks like spammers a trying to user mail smtp server to send emails.
This is the message show on the log:

Jun 18 09:50:14 server postfix/smtpd[19299]: warning: 76.76.122.116: address not listed for hostname generic.gogax.com
Jun 18 10:07:26 server postfix/smtpd[20894]: warning: 92.255.64.20: hostname otr-gw5.lentel.ru verification failed: No address associated with hostname
Jun 18 11:11:24 server postfix/smtpd[26056]: warning: 93.178.214.124: hostname 124-214-178-93.lviv.farlep.net verification failed: No address associated with hostname
Jun 18 13:06:22 server postfix/smtpd[4212]: warning: 78.164.146.209: hostname dsl78.164-37585.ttnet.net.tr verification failed: No address associated with hostname
Jun 18 13:11:51 server postfix/smtpd[4884]: warning: 88.246.80.137: hostname dsl88-246-20617.ttnet.net.tr verification failed: No address

I know my server is already setup to require authentication before sending emails... is this something I need to worry about?
Can I make my smtp server more secure?

Thank you.
Reply With Quote
Sponsored Links