When I first purchased Plesk, I installed it on a dedicated server at a hosting company. Everything went well and I began transferring clients. After a couple of months, I began noticing strange bandwidth activity. I did a scan and quickly found out that the server was compromized. According to my hosting company, the only way to completely fix it would be to reload windows and start over. It took me about 3 weeks and a lot of money to recover. On my new server, I had them add a firewall and I restricted all FTP access to specific IP addresses or I had clients install VPN software. The VPN solution was a hassle, but it worked. Since the new server was configured, I have not had any security issues. The problem now is that I would like to offer basic FTP hosting for my clients. How can I open the firewall for FTP access but still prevent hackers from getting in? Also, how to I prevent clients from uploading viruses or trojans? My FTP logins and passwords seem to be strong enough, but they somehow still got in.