Prev Previous Post   Next Post Next
Old 19th January 2013, 19:05
Toucan Toucan is offline
Senior Member
Join Date: Dec 2009
Posts: 479
Thanks: 78
Thanked 41 Times in 34 Posts
Default Toughening up

Running debian lenny ispconfig on a VM

Trying to work out why the server each day comes under an increased load at a certain time and becomes unresponsive, I've had a look into the logs.

One common thing is it keeps getting attempts to connect via ftp, literally 100s of times. The attempts are always failed, but I think leads to the higher load.

To try and slow this a little, I've attempted to add ftp to fail2ban and all appeared to work.

I used this thread as a guide.

The other major attempts that keep failing are pop3 connections. To help fight these off, do I simple change the following records to true?


enabled  = false
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log


enabled  = false
port     = smtp,ssmtp
filter   = couriersmtp
logpath  = /var/log/mail.log

# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned


enabled  = false
port     = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter   = courierlogin
logpath  = /var/log/mail.log


enabled  = false
port     = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter   = sasl
logpath  = /var/log/mail.log
Or is there a better way to deal with these attempts?
Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 16:33.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.