hi brada's, i need your help. i installed ubuntu + ispconfig through Falko's specification, all went fine, but i think a week ago i experienced some strange messages in the log files. There was a lot of break in attempt, i tried to reject the ip-address, i blocked it, but than it comes from an another. i can see in a mail.log, that someone is sending a lot of emails...spamming. i disabled smtp from the services of ispconfig. What could i do? Could someone help me? regards: Kaszi
If the install is brand new and you dont host many sites yet i would backub sites and databases then reinstall with stronger passwords. Install fail2ban and Ossec intrusion detection, to give more security. It shouldnt take more than a couple of hours saturday night and your server is up and running again. Check you ip at mxtoolbox if your blacklisted if so you should defently try and aquire a new ip othervise you can use the next year trying to get removed from blacklists. http://www.mxtoolbox.com/blacklists.aspx
thx for your replies, i think, i found the weakness, there was a test e-mail account, with a very weak password. After i deleted this "user", and empty-ed postfix queue, it seems now it is working. Is there any way, somehow to trace back "my friend"? regards Kaszi
