Question Firewall Lockdown

inQ

New Pleskian
Hello,

I am looking to use firewall rules to help secure my server by closing any unnecessary services; the server is solely for web hosting.

Can you see any issues with denying any of the following items? See image below.

Many thanks,

Screenshot-2019-05-09-at-03-18-04.png
 
@inQ,

Surely the above picture does not represent a tight firewall.

Just lock down SSH and only allow the IPs of server admins and sysadmins - if necessary, you can always temporarily add / unblock specific IPs.

Moreover, only allow local MySQL traffic - in the firewall, allow 127.0.0.1 only (and also go to the Database server settings, to allow local connections only).

In addition, consider the following:

1 - only allow server admins and Plesk admins access to Plesk installer: allow the relevant IPs, deny all other IPs
2 - you can redo step 1 for Plesk administrative interface, if you have all of your customers' IP addresses: this will prevent attacks on Plesk (port 8443 etc.) itself
3 - you can redo step 2 for FTP: this will prevent attacks, most of them being brute-forcing attacks
4 - if not using PostgreSQL server (as often is the case), block all access and traffic to it, (and)

I would really recommend steps 1, 3 and 4 - step 2 will be a bit more difficult, if you have customers accessing the Plesk Panel.

I would also recommend using Fail2Ban and setting up some proper Fail2Ban filters, actions and jails - after all, Fail2Ban automatically creates firewall rules to ban IPs.

Hope the above helps.

Kind regards........
 
Hi Trialotto,

Thanks for the advice, I have locked down SSH on the server to only use my key and restricted database access to local only.

I'm currently travelling, so I'm wary of restricting IP addresses, unless allowing those of my VPN? Would you suggest doing so?

Also, I have set up WAF with the OWASP ModSecurity ruleset and the default Fail2Ban jails.

For anyone else interested, I implemented the firewall rules discussed in this thread: https://talk.plesk.com/threads/firewall-hardening.344439/

Thanks,
inQ
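
The lockdown suggested in this thread (steps 1, 3 and 4 plus local-only MySQL), written out as a raw iptables ruleset; this is an added example, not part of the original posts and not output of the Plesk Firewall extension. The admin/VPN addresses are constructed placeholders, the Plesk Installer is assumed to be on its default port 8447, and DNS and mail are assumed not to be served from this host.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a web-only Plesk host.
# Addresses are constructed placeholders from the RFC 5737 documentation ranges.
ADMIN_IPS="${ADMIN_IPS:-203.0.113.10 198.51.100.0/24}"  # admin and VPN egress IPs (assumed)
ADMIN_PORTS="${ADMIN_PORTS:-22 8447 21}"     # SSH, Plesk Installer, FTP control: known IPs only
PUBLIC_PORTS="${PUBLIC_PORTS:-80 443 8443}"  # web plus Plesk panel (step 2 left open for customers)

rule() { printf '%s\n' "$*"; }

build_rules() {
    rule "*filter"
    rule ":INPUT DROP [0:0]"       # default deny: anything not listed below is dropped
    rule ":FORWARD DROP [0:0]"
    rule ":OUTPUT ACCEPT [0:0]"
    # Loopback stays open, so MySQL bound to 127.0.0.1 keeps working for local sites
    rule "-A INPUT -i lo -j ACCEPT"
    rule "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Admin-only services: one ACCEPT per (port, source) pair
    for port in $ADMIN_PORTS; do
        for ip in $ADMIN_IPS; do
            rule "-A INPUT -p tcp -s $ip --dport $port -j ACCEPT"
        done
    done
    for port in $PUBLIC_PORTS; do
        rule "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # Redundant under the DROP policy, but keeps MySQL/PostgreSQL closed
    # even if someone later relaxes the policy to ACCEPT
    rule "-A INPUT -p tcp -m multiport --dports 3306,5432 -j DROP"
    rule "COMMIT"
}

# Reads a ruleset on stdin; succeeds if port $1 is accepted from any source address
open_to_world() { grep -Eq -- "^-A INPUT -p tcp --dport $1 -j ACCEPT\$"; }

# FTP passive data ports and IPv6 (ip6tables) are not covered by this example.
if [ "${1:-}" = "--print" ]; then build_rules; fi
```

Pipe the `--print` output to `iptables-restore --test` before loading it, and keep a console session open while applying it, since a default-DROP policy with a wrong admin address cuts off SSH.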
 