• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue All visitors are banned by Fail2ban after update of new set role of modsecurity

S

salvo89

New Pleskian
Hello,

today at 9:18 AM, in my VPS with Plesk was autoinstalled a new set of rules of Modsecurity (Fail2Ban).

Starting from that time, all visits and visitors to all the internet sites hosted in the VPS are blocked for 10 minutes by Fail2Ban. I checked the IPs and they are all trusted IPs. Each time I have to manually unlock them.

How I can solve the problem? I don't want to disable Fail2Ban, but if I stop the Fail2ban service all work correctly. This problem arose after today's automatic update of the modsecurity rules.

Thanks for all.
 
You could continue using fail2ban but only deactivate the ModSecurity jail. This will still give you a lot of protection, it just won't block IPs for failing all the false positives that the Comodo ruleset generates. It's been a pain here, too, on the Obisidian installations. Mostly for Wordpress, but sometimes also Nextcloud. There are just some rules that are triggered by very normal operations. The fail2ban ModSecurity jail picks up on it and block the IPs.
 
GUI > Tools & Settings > Security > IP Address Banning > Jails
Uncheck the "ModSecurity" jail, then click the "deactivate" button.
 
ok thanks. But if I deactive the jail I lost the protection of IP on brute force? The malicious IPs will be block?
 
ModSecurity will still respond to the offending URLs. Only Fail2Ban won't block the IP of the offender, and it is only related to ModSecurity related 403 errors. All other jails will stay intact. It's not such a big risk.
 
Now I have, in Tools & Settings > Server Management > Services Management, the service IP Addresses Banning (Fail2Ban) set to "Arrested". So I must restart the service and, after this, go to
Tools & Settings > Security > IP Address Banning > Jails and uncheck or shutdown the "plesk-modsecurity"?

Thanks :)
 
You must log in or register to reply here.

Similar threads

Jürgen_T
Resolved ModSecurity configuration files and directives remain on the server after its removal
Replies
5
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
ic3_2k
Issue Problem with Modsecurity 2.9. Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection
Replies
1
Views
925
Peter Debik
P
P
Resolved SSL issue for some visitors, but not all
Replies
2
Views
2K
pieterpost
P
A
Question Fail2Ban capture and ban IP, connection still being made
Replies
8
Views
2K
Bitpalast
Bitpalast
M
Question NameServer settings for domains and Webspaces?
Replies
4
Views
591
MimiWeb
M
Back
Top