That looks like more than what I usually need. A couple of other things I do is - write a script to generate some logs and grovel them and email myself a relevant report.

I like to look at lastb command output as well as the bash_history and secure log. In case someone breaks in I might capture what they were doing. Looking at the secure logs will show you who is trying to break in sometimes. Of course I would also agree with the advice of a very strong password.

/usr/bin/lastb
tail -n 400 /var/log/secure
tail -n 200 ~/.bash_history

Yeah, don't forget to lock the barn after the horse gets out.

Looking at the logs to see what they do after they break in after watching them try forever is a great idea. If they can break in they can cover their tracks and only let you see what they want to let you see and may have done other things to aide them and you would never know it.

If you notice someone persistent in getting in it is best to block them and not wait till after they got in as if they were persistent then they are not just out to check out your server they are looking to do things to it you wouldn't like.

Good luck with that. I will be looking forward to getting spam from your server on behalf of those whom broke in some day.

my theory, if it looks even remotely like an attack, or someone probing for weak spots, ban the IP. if it is a legit user, they can contact me and we can sort it out.

I still get (failed) attempts from content spammers, I ban their IP anyway.

Guys let's stop beating up on 1and1 and give him some help, huh? Telling him 1and1 sucks doesn't fix his problem or answer what he cae here to find out.

Stan, SirDude has offered the best help. You could .htaccess but that means maintaining it, and it means apache has to serve the request and take up resources. It also doesn't protect brute force attacks on your FTP server, Mail server, and a number of other services. What I see here isn't a fix-all, but it should help.

IPtables, if done right, can prevent any access at all, thus mitigating brute force attacks.

Thanks for the help, everyone,
here is my next problem

I DON'T HAVE A CLUE HOW TO DO THIS

code.

I am only a humble macintosh guy, never learned command

log in via a terminal, putty will work, and type exactly what he has there, line by line.

one thing i'd recommend doing BEFORE the 1st thing in that tutorial is to go to your setups directory..

ie: /root/setups or a lotta times /var/usr/src or /var/usr/local/src

THEN do what it says.. that way you keep all the downloaded stuff in one place instead of into whatever directory you login to..

to change directory, use the 'cd' command... so to go to /var/usr/src dir.. 'cd /var/usr/src' would do it..

I'm pretty sure you will not be getting any spam from my server. At any rate why don't you take a hike and stick to the subject. I offered some helpful information. It's not something to ridicule people over. YOu have no idea about how I cover my server's security other than a few tidbits of information I have dropped here - which isn't much of anything worth attacking someone over. It's personal jabs like yours which makes contributing on the internet a little less than a mere friendly matter. I'm sure that age has a lot to do with it.

Stan good luck :-)

ok, trying to get this fixed... had trouble with my terminal program on my mac so i picked up a windows 7....

what am I doing wrong? the CD command is not taking

Thanks everyone for the help.

It would appear that your initial command to unpack the csf.tgz file was incorrect.

You should run the command: