Suggestion: Further configuration of fail2ban, bind within "The Perfect..."

Discussion in 'Suggest HOWTO' started by Multios, Jul 17, 2014.

  1. Multios

    Multios New Member

    Since I have been using ISPConfig in production for 6 years now, I feel free to suggest the points I had to fix during that time - maybe they come in handy for other users within their "Perfect Server".

    At my first installation fail2ban was unavailable, so I used (and still do) denyhosts.pl on that machine. I have at least 3 different dictionary/brute-force attacks on the SSH port each day, 95% from *.cn hosts. So my first suggestion is to add the [ssh] section for fail2ban to the tutorials.

    Over time I received different abuse emails from my server provider - although my logs were sort of clean. I finally discovered I took part in DNS-amplification attacks - just because BIND isn't blocking recursion by default. So the second suggestion would be to add a comment on disabling recursion, or just allowing it for its own subnet, to the tutorials.

    And the third suggestion is to mention ntop as a possible "add-on" in the tutorials - it was the only way I personally could get a clue what is going on at the Ethernet interfaces. (Since I usually do that using Wireshark on a Redmond-based OS)
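
The recursion restriction suggested in the post above, as an added example that is not part of the original post or of the ISPConfig tutorials: a BIND 9 `options` block with the open-resolver setting shown beside the restricted one. The file path, the ACL name `trusted` and the 192.0.2.0/24 subnet are assumptions; substitute the server's own values.

```conf
// /etc/bind/named.conf.options  (assumed path, Debian/Ubuntu layout)

// Hosts allowed to use this server as a recursive resolver.
// 192.0.2.0/24 is a constructed placeholder for the server's own subnet.
acl "trusted" {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;
};

options {
    directory "/var/cache/bind";

    // Weak form that turns the server into an open resolver:
    //     recursion yes;
    //     allow-recursion { any; };
    // Any host can then send small spoofed queries and have the
    // large answers delivered to the spoofed source address.

    // Restricted form: recurse only for the trusted ACL.
    recursion yes;
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // Authoritative zones hosted on this server stay publicly queryable.
    allow-query { any; };

    // Authoritative-only alternative: if nothing on the local subnet
    // needs this server as a resolver, replace the three recursion
    // lines above with:
    //     recursion no;
};
```

Check the file with `named-checkconf` before reloading BIND. Afterwards, a query from a host outside the ACL for a name the server is not authoritative for should return status REFUSED instead of an answer.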
     
