Hello everyone, First of all, i am glad to tell you all that falko and Tim are doing wonderful job, few times i tested their patience by asking them multiple questions but they always respond in the same sweet way. even once cause of a problem i said cause of this problem i will turn away from ispconfig, but they didn't mind it. Thank you guys for such a wonderful project. I love everything about our community and will always (i said our because i feel i am the part of it). I can say now that i am 60--70% effiecent in configuring ISPConfig. I am glad that i can. Since few days i am fighting against Ddos attacker doing two kinds of attacks. One syn_recv Flood with spoofed ip's(yes i checked those ip's are not even functioning, dont know how to ban them or don't let them connect). What i did is i set syn cookie to 1 set the maximum retry value etc. to avoid syn flood to an extend, dont know if there is other option, will be glad if some guru's will share here. Second was from few ip's attacking on apache requesting same webpage again n again. I banned them manually, i am not efficient in php or other language, so what i did , i made a script in visual basic (yes i said visual basic lol). which process a file to see if some ip's flooding( this file is generated by a cron on my server every 5 minutes and overwrite again n again every 5 minutes). Visual basic application downloads that file. checks which ip is hitting the same webpage since last 5 minutes, if the value is above 100, it generates rule to ban that ip. Then the rules generated by visual basic application are parsed to php file which executes them on server (but before executing it clears all banned ip's, because i want to allow those ip's again). This is how my protection system works , funny but this is how i know i know its very long procedure. Now what i am thinking is. Some ppl also flooding and spamming the postfix, i dont know how to stop. for the time being i stopped postfix but that won't help. I dont know how to disallow unauthrized access to postfix or do i need to install any alternative. Also i guess by default installation of ISPConfig 3.0.1.4, postfix acts as relay? Much love and respect. Keep it up howtoforge family.
re kindly move the post to right section, i thought i write in ispconfig 3 my badi tried not to do mistakes but happens. Sorry
2009-09-06 04:34:30,285 fail2ban.jail : INFO Using poller 2009-09-06 04:34:30,307 fail2ban.filter : INFO Created Filter 2009-09-06 04:34:30,307 fail2ban.filter : INFO Created FilterPoll 2009-09-06 04:34:30,307 fail2ban.filter : INFO Set maxRetry = 5 2009-09-06 04:34:30,308 fail2ban.comm : WARNING Invalid command: ['set', 'courierpop3', 'failregex', 'courierpop3login: LOGIN FAILED.*ip=\\[.*:\\]'] installed using giving link. what's missing?
