• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Huge amount of failed login attempts?

C

Colonel36

Basic Pleskian
Server operating system version
Ubuntu 20.04
Plesk version and microupdate number
Plesk Obsidian18.0.57
I've just noticed in the logs there a huge amount of failed logins from different ip addresses.
I've got Fail2ban active, but what are the most secure settings I should have.

In addition, I have multi factor active.
When I try to change my password to a stronger one, it constantly says it doesn't recognised the old one, even I checked it time and time again and can always login with it?
Thanks in advance.
 
Colonel36 said:
I've just noticed in the logs there a huge amount of failed logins from different ip addresses.
I've got Fail2ban active, but what are the most secure settings I should have.
Click to expand...
Fail2ban and MFA should be plenty. But if you want you could also consider:
Colonel36 said:
When I try to change my password to a stronger one, it constantly says it doesn't recognised the old one, even I checked it time and time again and can always login with it?
Click to expand...
Do you login as root or as admin to Plesk?
Root is considered an alias of the admin user, however you can only change the password via Plesk fot the admin user, not for root user.
 
Colonel36 said:
Can you inform me how I could access them?
Click to expand...
Sure. Connect via SSH or use the SSH terminal in Plesk and run the command Plesk login . This wil generate a temporary login URL for the admin user. After accessing the temporary login URL, you can set (change) a password for the admin user.
 
Thanks for the reply.
I have tried to do that, but it won't let me copy the temporary url.
I have tried:
1. Using Keyboard Shortcuts:
  • Copy: Press and hold the Shift key, then press Ctrl+C.
  • Paste: Press and hold the Shift key, then press Ctrl+V.
2. Using Mouse and Context Menu:
  • Select: Use your mouse to highlight the text you want to copy.
  • Right-click: Right-click on the selected text.
  • Copy: Choose the "Copy" option from the context menu.
  • Paste: Navigate to the application where you want to paste the text, then right-click and choose "Paste".
But, I'm afraid, I haven't had any luck?
 
Forget the last post. I've sorted it out.
The problem, however, still exists. It still won't let me change the password, even with the temporary url login?
I only have one login 'root' and when I try 'admin' that won't work.
I have tried the 'forgotten password,' and entered my email, but no email ever arrives?
 
Your are right, my bad. I didn't realize that you still needed the old password to change the password via Plesk.

As an alternative method, you can change the admin password via command line with the following command (change your_new_password to your desired password).
Code: 
plesk bin admin --set-admin-password -passwd 'your_new_password'
 
Thanks.
I had already done that, but it didn't work. It said the change was successful, but when I tried to login, it didn't work?
 
Kaspar said:
Fail2ban and MFA should be plenty. But if you want you could also consider:

Do you login as root or as admin to Plesk?
Root is considered an alias of the admin user, however you can only change the password via Plesk fot the admin user, not for root user.
Click to expand...
I followed the first instructions: https://support.plesk.com/hc/en-us/...Y*MTc0NTU3MTA5Ni43LjEuMTc0NTU3MTgzNi42MC4wLjA.
but I get this error all the time: Error: The access restriction policy and the list of networks are currently configured the way you will not be able to log in with administrator's rights from your IP address '**.**.**.**'.
 
Colonel36 said:
Error: The access restriction policy and the list of networks are currently configured the way you will not be able to log in with administrator's rights from your IP address '**.**.**.**'.
Click to expand...
This error means that you haven't added the IP address you're currently using and are logged to Plesk on with. The solution is to make sure to add the shown IP address in the error to the list first.

Colonel36 said:
To try to stop these attacks, I'm currently firewalling half the world! But, I fear, this may affect SEO and Google bots?
Click to expand...
It could, if you are blocking the Google Crawler servers for example. You have to be some what selective with blocking IP's. A good source to check if IP's are malicious is abuseipdb.com. Generally, there much more bad IP's (and subsnets) then there are legitimate crawlers. So the the chances of blocking Google is pretty slim, but never null.
 
As for using the link, you sent, I would be here for the next 34, 000 days looking them up and adding them?
Thanks for your support, but surely, there must be a very simply way Plesk can sort out these attacks?
 
You must log in or register to reply here.

Similar threads

Jürgen_T
Question Massive Brute-Force Attacks on Plesk Panel – Looking for Additional Protection Measures
Replies
15
Views
2K
Franky H
F
A
Question Warnings in mail log [SASL LOGIN authentication failed]
Replies
1
Views
2K
Peter Debik
P
abanico
Issue Backup manager fails to backup to S3 bucket
Replies
4
Views
9K
Sebahat.hadzhi
Sebahat.hadzhi
learning_curve
Resolved Permissions on some of the files packaged by Plesk are incorrect[ERROR] - Post 18.0.69 Upgrade
Replies
19
Views
969
learning_curve
learning_curve
M
Question Issues after migrating Prestashop to a new server - getting 302 sometimes
Replies
1
Views
10K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top