• We value your experience with Plesk during 2025
    Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
    Please take this short survey:
    https://survey.webpros.com/

How to setup fail2ban for admin attacks?

Status
Not open for further replies.
L

Lee_Colarelli

New Pleskian
Hi all, I have just looked at the plesk panel log - /usr/local/psa/admin/logs/panel.log - and seen an alarming number of attempts to access plesk using the admin user. i.e.

[2015-02-02 14:53:46] ERR [panel] [Action Log] Failed login attempt with login 'admin' from IP 50.62.148.176

I have fail2ban installed and set up for other things. Can anybody help me set it up for this? Thank you in advance!
 
Hi Lee_Colarelli,

Plesk's extension fail2ban has a pre-configured jail "plesk-panel" which should monitor the log "/var/log/plesk/panel.log" ( "/usr/local/psa/admin/logs/panel.log" should be a symlink to the mentioned log - file. ), which could be used by you. As well, consider using the "recidive" - jail, for recurring script kiddies. ^^

The pre-configured "plesk-panel" jail could look like this:
Code: 
[plesk-panel]

enabled  = false
action   = iptables-multiport[name="plesk-login", port="8880,8443"]
filter   = plesk-panel
logpath  = /var/log/plesk/panel.log
maxretry = 5
 
Status
Not open for further replies.

Similar threads

Jürgen_T
Question Massive Brute-Force Attacks on Plesk Panel – Looking for Additional Protection Measures
Replies
15
Views
6K
Franky H
F
I
Input Hardening Plesk with AbuseIPDB
Replies
2
Views
524
iainh
I
T
Issue Stop Plesk Brute Force Attacks NOW: Cloudflare + Windows Server Fix
Replies
1
Views
2K
hostking
H
TimReeves
Fail2Ban Jail needed for /var/log/sw-cp-server/error_log
Replies
5
Views
9K
roon
R
G
Question Plesk Panel Extremely Slow and Shows White Screen Despite Server Resources Being Idle
Replies
2
Views
2K
HHawk
HHawk
Back
Top