#1 nenad, 13th July 2006, 20:07
How to ban failed SSH, FTP, POP3 and SMTP logins?

So, as the title says, I am interested in finding the best possible way to ban all of the IPs from which failed logins originate for SSH, FTP, POP3 and SMTP services.

In the past few days, a few hackers from China have been permanently trying to log in to any/all of those services. My complaints to their networks' hostmasters were hopeless.

As I am still under attack 24h daily, I am open to all suggestions.

P.S. DenyHosts installed for SSH. Logcheck too.
__________________
Nenad Bulatovic
---------------
Debian Lenny & ISPConfig 3

#2 sjau, 13th July 2006, 21:21

For SSH I have this running:

http://www.howtoforge.com/preventing...with_denyhosts

on Debian Sarge and a SuSE 9.2 server

Oh, you have DenyHosts already ^^

#3 edge, 13th July 2006, 21:32

Not sure if FWSNORT is of use to you..

I'm using PSAD, but that's a Port Scan Attack Detector.

#4 nenad, 13th July 2006, 21:35

How to use DenyHosts for FTP or mail login? Is it possible?

#5 edge, 13th July 2006, 22:41

Another one I just found.. Fail2Ban

#6 falko, 14th July 2006, 13:37

Also have a look here: http://www.howtoforge.com/forums/showthread.php?t=4611
__________________
Falko

#7 nenad, 14th July 2006, 14:09

Quote:
Originally Posted by edge
Another one I just found.. Fail2Ban

Some people are claiming that there are some problems with it.

BTW all of the solutions are mostly for SSH or FTP, but I need solutions for SMTP and POP3, as I noticed that hackers are trying to break into the mail server too. Probably they want to use it for spamming. What is the best solution to keep a mail server safe from brute-force password cracking?

#8 spunk, 23rd June 2007, 17:55

Quote:
Originally Posted by nenad
So, as the title says, I am interested in finding the best possible way to ban all of the IPs from which failed logins originate for SSH, FTP, POP3 and SMTP services.

In the past few days, a few hackers from China have been permanently trying to log in to any/all of those services. My complaints to their networks' hostmasters were hopeless.

As I am still under attack 24h daily, I am open to all suggestions.

P.S. DenyHosts installed for SSH. Logcheck too.

I installed ISPConfig for the first time yesterday and was amazed at its capabilities. A very big "thank you" to all the developers.

DenyHosts has worked very well for me in the past on some other servers I have built and I will be installing it on my ISPConfig server. Until then, I made a few changes to the default sshd_config settings from my new install to increase the security of ssh. I set PermitRootLogin to "no" and added AllowUsers to just my personal login. Just these two changes alone will tighten up your ssh quite a bit. If you want to go further, changing the port sshd listens to is a great idea, as is using crypto keys instead of password authentication.
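
The sshd_config settings described in post #8 can be checked mechanically. The following is an added example, not part of the original thread and not ISPConfig or OpenSSH code; the two sample configs and the user name alice are constructed, and Match blocks are not evaluated.

```python
# Constructed sample configs (not taken from the thread); "alice" is a placeholder.
DEFAULT_CFG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
"""
HARDENED_CFG = """\
Port 2222
permitrootlogin no
PermitRootLogin yes
AllowUsers alice
PasswordAuthentication no
"""

def parse_sshd_config(text):
    """Return {keyword: [args]} for the global section of an sshd_config."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]      # keywords are case-insensitive
        if key == "match":
            break                                    # per-user/host overrides: not evaluated
        if key in ("port", "allowusers"):
            cfg.setdefault(key, []).extend(args)     # these accumulate across lines
        elif key not in cfg:
            cfg[key] = args                          # otherwise the first value wins
    return cfg

def audit(text):
    """List the hardening steps from post #8 that the config does not apply."""
    cfg = parse_sshd_config(text)
    def value(key):
        args = cfg.get(key)
        return args[0].lower() if args else None
    findings = []
    if value("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    users = cfg.get("allowusers", [])
    if not users or any(u.split("@")[0] == "*" for u in users):
        findings.append("AllowUsers is unset or matches every account")
    if value("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not explicitly 'no'")
    if "22" in cfg.get("port", ["22"]):
        findings.append("sshd listens on the default port 22")
    return findings
```

A directive that is commented out or missing is reported, because the compiled-in default then applies and differs between OpenSSH versions.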