- Straight-forward SPI iptables firewall script
- Daemon process that checks for login authentication failures for:POP3/IMAP login tracking to enforce logins per hour
- Courier imap, Dovecot, uw-imap, Kerio
- openSSH
- cPanel, WHM, Webmail (cPanel servers only)
- Pure-ftpd, vsftpd, Proftpd
- Password protected web pages (htpasswd)
- Mod_security failures (v1 and v2)
- Suhosin failures
- Exim SMTP AUTH
- Custom login failures with separate log file and regular expression matching
- SSH login notification
- SU login notification
- Excessive connection blocking
- Block traffic on unused server IP addresses - helps reduce the risk to your server
- Alert when end-user scripts sending excessive emails per hour - for identifying spamming scripts
- Suspicious process reporting - reports potential exploits running on the server
- Excessive user processes reporting
- Excessive user process usage reporting and optional termination
- Suspicious file reporting - reports potential exploit files in /tmp and similar directories
- Directory and file watching - reports if a watched directory or a file changes
- Block traffic on the DShield Block List and the Spamhaus DROP List
- BOGON packet protection
- Server Security Check
- mod_security log reporting
- Email relay tracking - tracks all email sent through the server and issues alerts for excessive usage
- IDS (Intrusion Detection System) - the last line of detection alerts you to changes to system and application binaries
- SYN Flood protection
- Ping of death protection
- Port Scan tracking and blocking
- Permanent and Temporary (with TTL) IP blocking
- Exploit checks
- Account modification tracking - sends alerts if an account entry is modified
- Shared syslog aware
- Port Flooding Detection - Per IP, per Port connection flooding detection and mitigation to help block DOS attacks
- Distributed Login Failure Attack detection
- 71 Users Found This Useful
