I just wanted to give some feedback on 2 installations I did 2 months ago with the perfect setup Debian Lenny + ISPConfig 3 (1 Master, 1 Slave).
The installation itself was easy and painless, but now the first installation Lenny + ISPConfig 3 was hacked and was used for Paypal Phishing attempts. I do not know how they did it, as the server is currently offline (my hoster had to do this, firefox even reports my server as a phishing server
). The installation was 100 % Standard, no mods on my side. So, there is some security issue somewhere.
The second installation also went fine, but I recognized heavy traffic (300 MB / hour) without any special software installed. After some debugging I recognized that on the standard-install, apache2 is configured for ProxyRequests and some spammers used my machine for that. After shutting that down, the traffic went back to normal. Maybe this should be mentioned and addressed in the tutorial.
One thing which should also be addressed is, that at the time of my installation the latest phpmyadmin-packages for debian which you download with apt-get had a security-problem regarding the config-file, as after installation the cookie-based authentication (needed by ispconfig) got changed to user-based in the config-file (there are posts about this on the inet, as this broke the ispconfig3 authentication).
Again, this should be addressed or at least mentioned in the perfect setups.
Keep on the good work,