• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved fail2ban.filter [17529]: INFO [plesk-wordpress]

R

Rastronet

New Pleskian
Server operating system version
centos 7
Plesk version and microupdate number
18.0.50
Good afternoon everyone.
I wanted to ask you about the following.
Reviewing the Firewall log, I have seen that I had many SSH attacks, which I have cut from Raid.
But still they continue to appear this type of messages and I don't know what they are, and I don't know how to block them.
You can tell me what I should do.
Thank you.

fail2ban.filter [17529]: INFO [plesk-wordpress] Found xxx.xxx.xxx.xxx

From several IP addresses
 

Attachments

  • Screenshot_365.png
    Screenshot_365.png
    21.4 KB · Views: 8
That's just info. I would recommend that you make sure you configure Fail2Ban for auto banning. I would also recommend that you make sure you configure the firewall. If all of those are configured, then the info you see there is just that, info. Fail2Ban will automatically ban IP addresses based off of your jails and settings. Refer to the following articles for assisting you configuring them:
docs.plesk.com

(Plesk for Linux) Protection Against Brute Force Attacks (Fail2Ban)

IP address banning (or Fail2Ban) is a tool protecting your server and the hosted websites from brute-force attacks.
docs.plesk.com docs.plesk.com
docs.plesk.com

(Plesk for Linux) The Plesk Firewall

The Plesk firewall is a tool you can use to improve the security of your Plesk for Linux server by restricting network connections to and/or from the server.
docs.plesk.com docs.plesk.com
 
Good morning, and thank you very much for answering.
If in principle the fail2ban is configured.

As can be seen in the attached image, I also have the activated firewall, and the SSH service disabled

But they are entering somewhere, since I clean from Malwares 2 days ago several website and today they just told me that at least one of them is infected.
The WordPress, update them, both plugin, Themes and WP version.
In case there were any vulnerability, but it is clear that they must attack or enter on the other hand, because they just infected a website again.

How can I stop that problem, or how can I know where they are entering to block it.
thank you


On the web now every time you click on a link, it goes to another website with the attached images.
 

Attachments

  • Screenshot_366.png
    Screenshot_366.png
    42.3 KB · Views: 7
  • Screenshot_367.png
    Screenshot_367.png
    59.7 KB · Views: 8
  • Screenshot_368.png
    Screenshot_368.png
    4.6 KB · Views: 8
Fail2ban cannot protect your website against hackers to upload malicious code. Neither can ModSecurity or your firewall settings.

Malware enters Wordpress websites through either flawed themes or plugins. Some of which are even designed to open a backdoor. Your best bet is to ask Google with searches like "<name of theme> malware", because often other users have already reported that piece of software is not safe to use. I also strongly recommend to apply all suggested security settings from Plesk's WP Toolkit page. This will give you a lot of basic security. For Wordpress websites, the "Wordfence" plugin can also be a good choice to enhance security.
 
You must log in or register to reply here.

Similar threads

F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
Gianni
Question My IP in jail fail2ban using plesk
Replies
0
Views
456
Gianni
Gianni
andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
976
andreios
andreios
brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
2K
Maarten
M
marcelhalls
Resolved Almalinux - Fail2Ban - Dont Start - BUG ?
Replies
1
Views
655
marcelhalls
marcelhalls
Back
Top