Hello Till and thank you for the quick response!!
I've gone thru the rkhunter reports and it was only that the root account had access thru SSH (I've blocked it in the firewall, works only in the internal net) and also a .dat file was missing (but I ran "rkhunter --propupd" to fix it).
When it comes to fail2ban I have installed it on the server, but do not know how to use it (came as an option while installing ISPconfig server via the usual guides). Is there a manual/guide of some sort that I can read and get some more information about what it does and how to do it?
The best thing whould be to check if a IP adress is trying to access the services on the server more than say 20-30 times and then block it. Some costumers may type in the wrong password but not that many times...?