• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Does anyone use CrowdSec with Plesk?

herrMartin

herrMartin

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian Version 18.0.45 Update #2
I am using Crowdsec on another non Plesk VPS in a docker environment with everything behind Traefik. I am super happy with this solution, especially with Crowdsec which replaces a lot of other expensive, slower security solutions.
Is anyone using Crowdsecwith Plesk and CentOS 7? Any recommendations for the setup. Just asking because often with Plesk there are special headaches.

www.crowdsec.net

CrowdSec - The open-source & collaborative IPS

CrowdSec is an open-source and collaborative security stack leveraging the crowd power. Analyze behaviors, respond to attacks & share signals across the community. Join the community and let's make the Internet safer, together.
www.crowdsec.net www.crowdsec.net
 
Thanks for reminding me ;-)

I tried CrowdSec a year ago and decided not to use it. I can't remember the reason why. I guess because it wasn't really active at that time. Low install/downloads etc.

I gave it another shot and installed it on a Plesk AlmaLinux 8.7 server.
Added a few test subscriptions logs:
Code: 
# mkdir /etc/crowdsec/acquis.d
# cat /etc/crowdsec/acquis.d/plesk.yaml
filenames:
  - /var/www/vhosts/system/domain1.com/logs/proxy_access_ssl_log
  - /var/www/vhosts/system/domain1.com/logs/access_ssl_log
  - /var/www/vhosts/system/domain2.com/logs/proxy_access_ssl_log
  - /var/www/vhosts/system/domain2.com/logs/access_ssl_log
labels:
  type: nginx
---

So far, it mostly blocks bad-user-agents:

Code: 
# cscli decisions list
╭───────┬──────────┬────────────────────────┬───────────────────────────────────┬────────┬─────────┬───────────────────────────────────┬────────┬────────────────────┬──────────╮
│  ID   │  Source  │ Scope:Value            │              Reason               │ Action │ Country │                AS                 │ Events │     expiration     │ Alert ID │
├───────┼──────────┼────────────────────────┼───────────────────────────────────┼────────┼─────────┼───────────────────────────────────┼────────┼────────────────────┼──────────┤
│ 22661 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ DE      │ 14061 DIGITALOCEAN-ASN            │ 2      │ 3h59m2.879054818s  │ 15       │
│ 22660 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ DE      │ 13335 CLOUDFLARENET               │ 2      │ 3h57m41.927612664s │ 14       │
│ 22659 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ DE      │ 13335 CLOUDFLARENET               │ 2      │ 3h57m41.178042482s │ 13       │
│ 22658 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ DE      │ 13335 CLOUDFLARENET               │ 2      │ 3h57m40.170986732s │ 12       │
│ 22657 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ DE      │ 13335 CLOUDFLARENET               │ 2      │ 3h57m39.172110935s │ 11       │
│ 22656 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ GB      │ 3170 VeloxServ Communications Ltd │ 2      │ 3h29m44.468924046s │ 10       │
│ 22655 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ US      │ 398722 CENSYS-ARIN-03             │ 2      │ 3h22m53.773628827s │ 9        │
│ 22654 │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ US      │ 14061 DIGITALOCEAN-ASN            │ 2      │ 3h21m9.524985973s  │ 8        │
│ 4     │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ NL      │ 202425 IP Volume inc              │ 2      │ 2h49m30.708270174s │ 4        │
│ 3     │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ DE      │ 24940 Hetzner Online GmbH         │ 2      │ 2h34m41.664605675s │ 3        │
│ 2     │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-bad-user-agent │ ban    │ GB      │ 3170 VeloxServ Communications Ltd │ 2      │ 2h28m48.78155151s  │ 2        │
│ 1     │ crowdsec │ Ip:xx.xx.xx.xx         │ crowdsecurity/http-open-proxy     │ ban    │ NL      │ 202685 Aggros Operations Ltd.     │ 1      │ 2h13m20.342538872s │ 1        │
╰───────┴──────────┴────────────────────────┴───────────────────────────────────┴────────┴─────────┴───────────────────────────────────┴────────┴────────────────────┴──────────╯
 
Last edited:
on my docker / traefik vps I have secured two sites with it which were hammered with spam, bots, brute force attacks, etc and It gets the job done and gives me peace of mind. You can also realize quite easy geo-blocking with traefik and crowdsec. Something which IO haven't managed to do on my cent os 7 / plesk system.
 
Please do not forget the Apache and Plesk panel log files:

YAML: 
filenames:
  - /var/www/vhosts/system/*/logs/error_log
  - /var/www/vhosts/system/*/logs/access_log
  - /var/www/vhosts/system/*/logs/error_ssl_log
  - /var/www/vhosts/system/*/logs/access_ssl_log
  - /var/log/plesk/httpsd_access_log
  - /var/log/sw-cp-server/error_log
labels:
  type: apache2
 
You must log in or register to reply here.

Similar threads

Daerik
Issue Error Upgrading Plesk Obsidian 18.0.63 to 18.0.64: HTTPS Error 404 - Not Found (MaxScale Repo)
Replies
6
Views
3K
Daerik
Daerik
M
Issue problem plesk server with centos 7
Replies
1
Views
1K
Peter Debik
P
H
Question Decommissioning a hacked Plesk/CentOS 7/Plesk web server, and migrating all sites to CentOS 7/Plesk
Replies
2
Views
1K
Huey Tinman
H
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
8
Views
2K
HHawk
HHawk
A
Question Can't access Shopware 6 Staging Area within Plesk Server
Replies
1
Views
1K
mow
M
Back
Top