I am really concerned as I have quite a few clients on an ISP config server and honestly I'm a little fresh when it comes to dealing with Internet vandals, maintenance and building I'm fine but I'm not real keen on how to protect. I've built several ISP config servers and this is the first time I've been getting attacked, so I think. Fail2ban has been repeatedly blocking IP addresses with the word SSH next to the IP address which I'm assuming means I've had repeated failed SSH login attempts. I have been taking all of those IP addresses that show up and creating an individual firewall rule to reject communication. I have looked at some of my individual site records and found where what looks like someone has been probing for my PHPmyadmin management pages,as well as other Internet configuration and management pages. I am also seeing tons of communication from spamming sites in foreign countries such as Germany, Russia, Belgium, and many many more. Here recently many of my users across all of my virtual domains have been experiencing " 500 error, internal server error" mostly through my e-mail client roundcube, I run that as well as squirrel mail, PHPmyadmin and all the basic tools used in the Debian Lenny "the perfect server how to". I really need some assistance in figuring out a proactive way to stop communication with the sites, may be blacklisting the domains and the proper way to restrict these addresses. I have found where to blacklist e-mail accounts, however I don't see such a tool to block domains. It would be cool if someone could share with me how to implement a script where after a certain number of repeated communication attempts through different channels such as SSH or unauthorized SSL or username probing that that particular client would be blocked permanently from communication. I am including some of the log files so maybe someone can help me make sense of this. The IP addresses included in the logs are not any of my personal addresses for this platform. The Main reason I need help others than the clarification on the log files and what to do is what's going on with the internal server error 500. I need to get rid of that where my clients stop having problems. here are the log files and where they came from. "mail warn-log" "fail2ban" - There is close to 100 of these over the last week Site error log - note the config page errors, I never tried to get into management pages through this domain and as a matter of fact their blocked, is someone probing?? More for the same site, I used net tools to check the ip's and they are coming from Germany and Russia mostly, whats going on?? Please help explain this and what to do, its happening all over my server and my clients that run businesses on this are having the 500 errors, for give me for being ignorant but you have to learn somehow right?