Suggestion: Further configuration of fail2ban, bind within "The Perfect..."

Discussion in 'Suggest HOWTO' started by Multios, Jul 17, 2014.

  1. Multios

    Multios New Member

    Since I am using Ispconfig productive since 6 years now I feel free to suggest the points I had to fix during that time - maybe they come handy for other users within their "Perfect Server".

    At my first installation fail2ban was unavailable and so I used (and still do) on that machine. I have at least 3 different dictionary/brute-force attacks to the SSH-port each day, 95% from *.cn hosts. So my first suggestion is to add the [ssh]-section for fail2ban to the tutorials.

    Over time I received different abuse-emails from my server-provider - although my logs were sort of clean. I finally discoverd I took part in DNS-amplification attacks - just because BIND isn´t blocking recursion by default. So the second suggestion would be to add a comment on disabling recursion or just allowing it for it´s own subnet to the tutorials.

    And the third suggestion is to mention ntop as possible "add-on" in the tutorials - it was the only way I personally could get the clue what is going on at the ethernet interfaces. (Since I usually do that using Wireshark on a Redmond-based OS)

Share This Page