Topic: Hardening SME server

[calisun]

I am using my SME server as a web/ mail server. I am concerned with external attacks/ hacking/ ddos on my server (there is no internal network threat) so I was looking to install a contrib that will help me defend my server. I have found three contribs that are designed for that:

http://wiki.contribs.org/Denyhosts
http://wiki.contribs.org/Fail2ban
http://wiki.contribs.org/Mod_evasive

-Which one would be best at defending a web/mail server?
-Can I install more than one? (which ones)
-Have I missed any other contribs that might be better?
-Any other suggestions?

Thank you in advance.

[DanB35]

I use Fail2Ban on my system and have found it to work pretty well.  From what I can see from the DenyHosts page, Fail2Ban would seem to duplicate it, but provide much broader functionality (it tracks failed logins for mail, web, etc., not just SSH).

From what I can see, I wouldn't install both Denyhosts and Fail2ban.  I don't see that mod_evasive would conflict with either of those, but I don't have any experience with it.

[calisun]

Thank you DanB35,
I have used denyhosts before and it seemed to work ok, but as per your suggestion I will try Fail2ban and see how it works out. I will also install Mod_evasive at the same time and monitor logs for any conflicts.

[CharlieBrady]

-Which one would be best at defending a web/mail server?

That depends on what you hope to defend it against.

Your best defence is to not install any software which has security vulnerabilities. None of the contribs you mention will protect your server against exploit of a web application which allows a remote attacker to run arbitrary code.

[guest22]

Hence Docker comes to mind to isolate such web applications....

[janet]

Here
http://wiki.contribs.org/Docker