Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 14th July 2006, 13:21
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

ah ok...

10 characters
Reply With Quote
Sponsored Links
  #12  
Old 14th July 2006, 13:28
nenad nenad is offline
Senior Member
 
Join Date: Nov 2005
Location: Novi Sad, Serbia
Posts: 415
Thanks: 13
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by Ben
ah ok...

10 characters
I don't understand those "10 characters" ?

if you mean "10 characters long password" I can't control how many characters will be long any of password for any of users of my servers.

besides that, that does not prevent load on smtp/pop3 servers. and in case of break in of password, smtp server might be used for sending spam for a days even weeks befor esomeone notice that. usually you notice that when your servers ip is on the RBL ... unfortunatelly, or through high load or traffic for smtp server.

last week ther was incided that I hacker tryed to break in pop3 , obviously he was very interested in reading someones emails.... and unfortunattely it was my personal email...
__________________
Nenad Bulatovic
---------------
Debian Lenny & ISPConfig 3
Reply With Quote
  #13  
Old 23rd June 2007, 16:55
spunk spunk is offline
Junior Member
 
Join Date: Jun 2007
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by nenad
So, as title says I am interested in findig the best possible way to ban all of IP's from where failed logins originate for ssh, ftp, pop3 and smtp services.

I past few days few hackers from China are permanently trying to login in any/all of those services. My complaints to their network's hostmasteers were hopeless.

As I am still under attack 24h daily, I am open to all sugestions.

P.S. DenyHosts installed for SSH. Logcheck too.

I installed ISPConfig for the first time yesterday and was amazed at it's capabilities. A very big "thank you" to all the developers.

DenyHosts has worked very well for me in the past on some other servers I have built and I will be installing it on my ISPConfig server. Until then, I made a few changes to the default sshd_config settings from my new install to increase the security of ssh. I set PermitRootLogin to "no" and added AllowUsers to just my personal login. Just these two changes alone will tighten up your ssh quite a bit. If you want to go further, changing the port sshd listens to is a great idea, as is using crypto keys instead of password authentication.
Reply With Quote
  #14  
Old 23rd June 2007, 20:26
AlArenal AlArenal is offline
Senior Member
 
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 5 Times in 5 Posts
Default

I user fail2ban and did not encaunter major problems by now. I use it for SSH, FTP and some stuff I wrote by myself (in conjunction with mod_security). It seems to be a pretty popular tool and it's easily configurable.
Reply With Quote
  #15  
Old 25th June 2007, 11:22
anmsid anmsid is offline
Junior Member
 
Join Date: Mar 2007
Location: Indonesia
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to anmsid
Default

Hi
I use OSSEC-HIDS, it works prefectly in one of my production server

Thanks to the tutorial for installing OSSEC-HIDS: http://www.howtoforge.com/intrusion_...ith_ossec_hids
Reply With Quote
  #16  
Old 29th June 2007, 08:03
lyndros lyndros is offline
Senior Member
 
Join Date: Mar 2006
Location: Granada
Posts: 130
Thanks: 5
Thanked 3 Times in 2 Posts
Default

i use blockhost but the problem with this daemons (blockhosts, denyhosts...), is that monitored services must be not running as stand alone servers. so if u have a hosting server, normally u must run ftp servirce as stand alone server to increase the performance, but then u can't ban failed loggin attemps....

any idea then?

i'd like to know too, how to ban bots trying to find scripts on the server? but i still dont know how...

any help would be appreciated guys

thk u all
Reply With Quote
  #17  
Old 30th June 2007, 05:53
stargazer stargazer is offline
Junior Member
 
Join Date: Jul 2006
Posts: 26
Thanks: 4
Thanked 5 Times in 5 Posts
Default move ssh to different port

Quote:
Originally Posted by Ben
One thing for smtp stuff from china would be greylisting... (postgrey)...
If I got the time I will post sth. how to use with ISPConfig...

Regarding the SSH-Stuff, I just moved my SSH port, since then I did not find any scan for ssh...
For that purpose I disabled the ISPConfig firewall (because it does not let me close port 22) and set it up on the shell via firehol
I also moved ssh port and did not worry about 22 being closed as there is nothing listening on it. What is the difference? Curious, but since there is no daemon listening on the port it seems like it makes no difference if it is open. Please advise.
Reply With Quote
  #18  
Old 30th June 2007, 15:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Quote:
Originally Posted by lyndros
i use blockhost but the problem with this daemons (blockhosts, denyhosts...), is that monitored services must be not running as stand alone servers. so if u have a hosting server, normally u must run ftp servirce as stand alone server to increase the performance, but then u can't ban failed loggin attemps....
Why don't you try fail2ban?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #19  
Old 30th June 2007, 15:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Quote:
Originally Posted by stargazer
I also moved ssh port and did not worry about 22 being closed as there is nothing listening on it. What is the difference? Curious, but since there is no daemon listening on the port it seems like it makes no difference if it is open. Please advise.
If there's nothing running on that port, you don't need to close it in your firewall.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
lyndros (1st July 2007)
  #20  
Old 1st July 2007, 20:40
lyndros lyndros is offline
Senior Member
 
Join Date: Mar 2006
Location: Granada
Posts: 130
Thanks: 5
Thanked 3 Times in 2 Posts
 
Smile

Quote:
Originally Posted by falko
Why don't you try fail2ban?
thks falko i've checked fail2ban and it seems that is just perfect for me.

thks again
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
pop3 service alone is failed in "The Perfect Setup - Debian Sarge (3.1)" nandhu HOWTO-Related Questions 60 5th August 2008 15:15
smtp problem z.y Installation/Configuration 12 14th April 2006 16:51
POP3 SMTP FTP problem arsu Installation/Configuration 1 11th November 2005 09:32
Perfect Debian 3.1 failed of the E-MAIL Server explorer1979 HOWTO-Related Questions 1 21st October 2005 17:43
Unable to connect MS Outlook to pop3 nandhu HOWTO-Related Questions 1 12th August 2005 18:06


All times are GMT +2. The time now is 02:03.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.