
Resolved Fail2Ban banning without any reason

julianchntl

New Pleskian
Server operating system version: Ubuntu 22.04.2 LTS
Plesk version and microupdate number: Obsidian 18.0.49
Hello all,

I have been using Plesk for a while now. However, after moving to a new server I have quite severe problems with Fail2Ban. Website visitors are banned for no reason, including myself when I delete files in Nextcloud, for example.

Have any of you ever had such a problem and how did you solve it?

Kind regards,
Julian
 
Please look in /var/log/fail2ban.log to see which jail is banning. I have a suspicion, but need that information first to narrow the cause down.
 
It's the plesk-recidive jail. It's also reproducible: after reloading a website 3 times, the IP gets banned.
 
There is no plesk-recidive jail. I guess you meant the recidive jail, which is the jail where an IP address ends up when it was banned too many times in the other jails.

Please recheck the IP address in /var/log/fail2ban.log and see what happened before it was moved to the recidive jail. I guess that it's the plesk-modsecurity jail that causes this issue.
 
I also think it's ModSecurity. I've had this on servers here and ended up deactivating that jail (leaving ModSecurity on, of course).
 
Yes, you are right. I mixed something up; it is the plesk-modsecurity jail. Is there a solution for this or can I disable it without worrying?
 
You can either disable the plesk-modsecurity jail or try to find out which ModSecurity rules are causing this issue. Be aware that this can be a lot of work if you have a busy server:


Search for the ID tags (each ModSecurity rule has an ID number) in /var/log/modsec_audit.log that trigger the plesk-modsecurity jail.
Those IDs look like this: [id "33340006"].
If that ID is causing the issue, disable it, as explained in the support article in the link above.
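
The two lookups described in the replies above (which jail banned an address before recidive did, then which ModSecurity rule IDs were logged for that address), as an added shell example that is not part of the thread. It assumes the usual fail2ban.log "Ban" line layout and a serial-format modsec_audit.log; the function names, every sample log line and the rule IDs 900001 and 900002 are constructed.

```shell
# Added example; every log line below is constructed sample data.

# Jails that banned IP, in log order (fail2ban.log "Ban" lines).
bans_for_ip() {  # usage: bans_for_ip IP [LOG]
    awk -v ip="$1" '$NF == ip && $(NF-1) == "Ban" {
        for (i = NF - 2; i > 0; i--) if ($i ~ /^\[.*\]$/) break  # skips "Restore"
        if (i > 0) print $1, $2, substr($i, 2, length($i) - 2)
    }' "${2:-/var/log/fail2ban.log}"
}

# ModSecurity rule IDs logged for requests from IP, most frequent first.
modsec_ids_for_ip() {  # usage: modsec_ids_for_ip IP [LOG]
    awk -v ip="$1" '
        /^--[0-9A-Za-z]+-A--$/ { in_a = 1; hit = 0; next }  # start of a transaction
        in_a { hit = ($4 == ip); in_a = 0; next }           # [time zone] uid client_ip ...
        # assumes one [id "..."] tag per logged message line
        hit && match($0, /\[id "[0-9]+"\]/) { count[substr($0, RSTART + 5, RLENGTH - 7)]++ }
        END { for (id in count) print count[id], id }
    ' "${2:-/var/log/modsec_audit.log}" | sort -k1,1nr -k2,2n
}

demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/fail2ban.log" <<'EOF'
2023-05-01 12:00:05,200 fail2ban.actions [812]: NOTICE [plesk-modsecurity] Ban 203.0.113.7
2023-05-01 12:03:11,050 fail2ban.actions [812]: NOTICE [plesk-modsecurity] Ban 198.51.100.9
2023-05-01 12:10:09,400 fail2ban.actions [812]: NOTICE [recidive] Ban 203.0.113.7
EOF
cat > "$demo/modsec_audit.log" <<'EOF'
--5c2f1a00-A--
[01/May/2023:12:00:01 +0200] ZE9uAQ 203.0.113.7 51234 192.0.2.10 443
--5c2f1a00-H--
Message: Warning. [file "rules.conf"] [id "33340006"] [msg "constructed"]
Message: Warning. [file "rules.conf"] [id "900001"] [msg "constructed"]
--5c2f1a00-Z--
--5c2f1a01-A--
[01/May/2023:12:00:03 +0200] ZE9uAw 203.0.113.7 51236 192.0.2.10 443
--5c2f1a01-H--
Message: Warning. [file "rules.conf"] [id "33340006"] [msg "constructed"]
--5c2f1a01-Z--
--5c2f1a02-A--
[01/May/2023:12:02:40 +0200] ZE9uBg 198.51.100.9 40112 192.0.2.10 443
--5c2f1a02-H--
Message: Warning. [file "rules.conf"] [id "900002"] [msg "constructed"]
--5c2f1a02-Z--
EOF
bans_for_ip 203.0.113.7 "$demo/fail2ban.log"
modsec_ids_for_ip 203.0.113.7 "$demo/modsec_audit.log"
```

On a live server, call both functions with only the banned address to read the default log paths; the rule ID that tops the second list is the first candidate to review.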
 