So I am new to server hosting and recently bought a vps for my buddies forums. And a few friends websites. No intentions of running a business or anything Just personal use. Everything is installed and working good Had brute force attempts on port 22 ssh/ changed port seem to stop them Running into another issues I cant seem to find the answer too My mail log is showing Code: Apr 22 07:47:33 vps postfix/smtpd[19129]: warning: 62-2-213-189.static.cablecom.ch[62.2.213.189]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 22 07:47:34 vps postfix/smtpd[19134]: warning: 62-2-213-189.static.cablecom.ch[62.2.213.189]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 22 07:47:34 vps postfix/smtpd[19131]: warning: 62-2-213-189.static.cablecom.ch[62.2.213.189]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 22 07:47:34 vps postfix/smtpd[19132]: warning: 62-2-213-189.static.cablecom.ch[62.2.213.189]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Now after doing research online I read you can install squirrelmail logging then set up something with failban Does anyone have a guide I can use for my current setup? Or does anyone have any recommendations?
This are sasl login attempts from a external IP. Thats not related to squirrelmail. If these were squirrelmail logins, then the IP wol always be 127.0.0.1.
Thank you What would be the best way to stop these? Would this be something that I would be looking for? http://www.howtoforge.com/forums/showthread.php?t=51349
Which Ubuntu version do yu use? Did you use the perfect server guide to install your system, as the perfect server contains rules to stop these attacks with fail2ban.
Thank you for your replies Im using ubuntu 12.04 and followed this guide http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3 My vps provider only has the preinstalls OS'S for 12.04 It was not covered in this version. I do see it covered on the newer versions Thanks for all your help
