• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Fail2Ban don't lock an IP

S

Stefan Becker

Basic Pleskian
Hi,

we have a brute force attack:

Code: 
188.132.180.106 - - [14/Jul/2014:22:03:37 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:39 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:40 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:40 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:41 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:41 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:42 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:43 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:44 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:44 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:46 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:46 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:47 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:48 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:48 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:49 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:50 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"

And so on, but the Fail2Ban doesn't lock this ip address, why? And how can we manually lock about the webinterface this ip?

Best regards,

Stefan
 
Unless you have failed basic authentication attempts logged, Fail2Ban will do nothing (since it's authentication failure monitor). Alternatively, if you have a custom login solution, then you need to 1) make sure it logs authentication failures somewhere, 2) create a filter and jail in Fail2Ban to match these failures, 3) test and activate them. Please note that improperly implemented filter or logging may result in DoS possibility for the service you're trying to protect (read Fail2Ban README for details).
 
You must log in or register to reply here.

Similar threads

S
Issue Filter for plesk-wordpress jail does not work, any ideas?
Replies
1
Views
791
AYamshanov
AYamshanov
M
Question fail2ban, can I ban visitors with no user agent?
Replies
1
Views
1K
Kaspar@Plesk
Kaspar@Plesk
TimReeves
Fail2Ban Jail needed for /var/log/sw-cp-server/error_log
Replies
5
Views
7K
roon
R
L
Issue Server backup fails after moving domain to subscription
Replies
6
Views
1K
Kaspar@Plesk
Kaspar@Plesk
J
Issue Default plesk-apache-badbot fail2ban doesn't work
2
Replies
21
Views
6K
Kaspar
K
Back
Top