Securing an ISPConfig website

Discussion in 'General' started by llamy, Jul 30, 2007.

  1. llamy

    llamy New Member


    I have Ispconfig installed as a firewall for the site i'm still working and not deployed yet at this time. I know that IspConfig ensures a very tight security to the site but with all the howto's i went through, i wonder if i'm missing an extra security mesure like :

    mode_security according to this Falko howto:


    snort and base According to this Edge howto:

    or i think maybe that i'm missing a

    security tool that will cop with Ispconfig and allow me to see, detect and take measures on realtime about attacks and intrusions.

    Can you please guide me through. Thanks alot in advance.

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can combine these two howtos with ISPConfig. ISPConfig itself is a server configuration tool, not a security tool. Just install and configure the additional security software on your serverm it will not conflict with your ISPConfig installation.
  3. llamy

    llamy New Member

    Thanks Till

    Thanks alot!
    But i wonder if i there is anymore security measures i should take!

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No, just make sure that you install all available updates for your linux distribution regularily and enable the ISPConfig firewall. Do not start unneeded services. If you used one of the perfect setup guides, your server should not run any unneeded services.
  5. llamy

    llamy New Member

    That will be it!

    Yes i have followed the Fed Core 6 perfect setup and and also the LAMP server with IspConfig as a firewall on Fed Core 6 by Falko, and just left the basic configuration that come with IspConfig as it (about the ports scanning). I will just go ahead now and add the 2 howto 's above, Thanks again one more time Till for your help!.

  6. edge

    edge Active Member Moderator

    One other nice extra option to add is PSAD (

    I've got it running on my Debian systems.
    When a person does a port scan to one of my servers it's IP get blocked for a set time. (in my case for 10 minutes)
  7. llamy

    llamy New Member

    Thanks Edge!

    Thank you very much for that nice extra option tip, i have install both psad and fwsnort from as you mentionned and the installation was succesfull. So if i understand so far the doc, you have only one command line to see the attacks : psad --status and how did you set time to 10 min in psad.conf to block IPs. Thnks again.

  8. edge

    edge Active Member Moderator

    It has been some time ago that I did the setup for psad, but all needed things are set within psad.conf

    More info about the scan timeout here
  9. llamy

    llamy New Member

    Thanks Edge

    Hey man thank you for the link in your reply! I wil check it!


Share This Page