
Plesk firewall not working

Chris1

Regular Pleskian
Hello,

Plesk 12.5 Update #5 on CloudLinux 7.1.

It seems that my Plesk firewall isn't working. I've got an attacker trying to brute-force into a client's WordPress website:

Code:
78.142.63.72 - - [16/Oct/2015:10:38:50 +1100] "POST /wp-login.php HTTP/1.0" 200 4405 "-" "-"

It isn't being picked up by the Fail2Ban WordPress jail. I've tried putting a custom ban into the Plesk Firewall ("Deny incoming from 78.142.63.72 on all ports"), but the login attempts still continue.

Here is the output from "iptables -L":
Code:
Chain INPUT (policy DROP)
target  prot opt source  destination
f2b-plesk-wordpress  tcp  --  anywhere  anywhere  multiport dports http,https,empowerid,7081
f2b-plesk-roundcube  tcp  --  anywhere  anywhere  multiport dports http,https,empowerid,7081
f2b-plesk-modsecurity  tcp  --  anywhere  anywhere  multiport dports http,https,empowerid,7081
f2b-plesk-login  tcp  --  anywhere  anywhere  multiport dports cddbp-alt,pcsync-https
f2b-plesk-courierimap  tcp  --  anywhere  anywhere  multiport dports imap,imap3,imaps,pop3,pop3s
f2b-plesk-dovecot  tcp  --  anywhere  anywhere  multiport dports imap,imap3,imaps,pop3,pop3s,sieve
f2b-plesk-postfix  tcp  --  anywhere  anywhere  multiport dports smtp,urd,submission
f2b-plesk-proftpd  tcp  --  anywhere  anywhere  multiport dports ftp,ftp-data,ftps,ftps-data
f2b-recidive  tcp  --  anywhere  anywhere
f2b-SSH  tcp  --  anywhere  anywhere  tcp dpt:ssh
ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
REJECT  tcp  --  anywhere  anywhere  tcp flags:!FIN,SYN,RST,ACK/SYN state NEW  reject-with tcp-reset
DROP  all  --  anywhere  anywhere  state INVALID
ACCEPT  all  --  anywhere  anywhere
DROP  udp  --  server1.agrawebhosting.com  anywhere
DROP  tcp  --  server1.agrawebhosting.com  anywhere
ACCEPT  udp  --  anywhere  anywhere  udp dpt:snmp
ACCEPT  tcp  --  anywhere  anywhere  tcp dpts:65000:65534
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:fjicl-tep-a
DROP  tcp  --  anywhere  anywhere  tcp dpt:12443
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:11443
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:11444
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:8447
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:pcsync-https
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:cddbp-alt
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:http
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:https
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:ftp
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:ssh
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:submission
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:smtp
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:urd
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:pop3
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:pop3s
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:imap
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:imaps
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:poppassd
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:mysql
DROP  tcp  --  anywhere  anywhere  tcp dpt:postgres
DROP  tcp  --  anywhere  anywhere  tcp dpt:ogs-server
DROP  tcp  --  anywhere  anywhere  tcp dpt:glrpc
DROP  udp  --  anywhere  anywhere  udp dpt:netbios-ns
DROP  udp  --  anywhere  anywhere  udp dpt:netbios-dgm
DROP  tcp  --  anywhere  anywhere  tcp dpt:netbios-ssn
DROP  tcp  --  anywhere  anywhere  tcp dpt:microsoft-ds
DROP  udp  --  anywhere  anywhere  udp dpt:openvpn
ACCEPT  udp  --  anywhere  anywhere  udp dpt:domain
ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:domain
ACCEPT  icmp --  anywhere  anywhere  icmptype 8 code 0
DROP  all  --  anywhere  anywhere

Chain FORWARD (policy DROP)
target  prot opt source  destination
ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
REJECT  tcp  --  anywhere  anywhere  tcp flags:!FIN,SYN,RST,ACK/SYN state NEW  reject-with tcp-reset
DROP  all  --  anywhere  anywhere  state INVALID
ACCEPT  all  --  anywhere  anywhere
DROP  all  --  anywhere  anywhere

Chain OUTPUT (policy DROP)
target  prot opt source  destination
ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
REJECT  tcp  --  anywhere  anywhere  tcp flags:!FIN,SYN,RST,ACK/SYN state NEW  reject-with tcp-reset
DROP  all  --  anywhere  anywhere  state INVALID
ACCEPT  all  --  anywhere  anywhere
ACCEPT  all  --  anywhere  anywhere

Chain f2b-SSH (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-courierimap (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-dovecot (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-login (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-modsecurity (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-postfix (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-proftpd (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-roundcube (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

Chain f2b-plesk-wordpress (1 references)
target  prot opt source  destination
REJECT  all  --  server1.agrawebhosting.com  anywhere  reject-with icmp-port-unreachable
RETURN  all  --  anywhere  anywhere

Chain f2b-recidive (1 references)
target  prot opt source  destination
RETURN  all  --  anywhere  anywhere

The reverse name for 78.142.63.72 is server1.agrawebhosting.com, and it appears to be blocked in iptables, but they still seem to be able to make login attempts every second to my server.
 
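Added example, not part of the post above and not Plesk or Fail2Ban code: a first-match walk over an `iptables -L` listing of the kind posted, so you can ask "which rule decides this packet?" instead of eyeballing the chain. The embedded listing is a constructed excerpt of the posted INPUT and f2b-plesk-wordpress chains (most rules omitted), and the hostname-to-IP mapping is the poster's own statement that server1.agrawebhosting.com reverses to 78.142.63.72. Two things it makes visible: a new connection from that source to port 80 is rejected inside f2b-plesk-wordpress before anything else is consulted, and the "Deny incoming ... on all ports" DROP rules sit behind an `ACCEPT all -- anywhere anywhere` rule, which in the posted output carries no visible criteria. That is the caveat to keep in mind: `iptables -L` without `-v` hides interface matches (a Plesk loopback rule such as `-i lo -j ACCEPT` prints exactly like that), and without `-n` it resolves addresses through reverse DNS, so confirm the real rule with `iptables -L INPUT -n -v --line-numbers` or `iptables-save` before concluding that a rule is shadowed. The `Packet` model, `SERVICE_PORTS` table and the 192.0.2.10 test address are assumptions made for the example.

```python
import re
from collections import namedtuple
from dataclasses import dataclass

# Service names as `iptables -L` prints them without -n (values from /etc/services).
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22, "empowerid": 7080}
# From the post: the reverse name iptables printed for the attacker's address.
REVERSE_NAMES = {"server1.agrawebhosting.com": "78.142.63.72"}

# Constructed excerpt of the posted INPUT chain; most rules are omitted.
LISTING = """\
Chain INPUT (policy DROP)
target  prot opt source  destination
f2b-plesk-wordpress  tcp  --  anywhere  anywhere  multiport dports http,https,empowerid,7081
ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
REJECT  tcp  --  anywhere  anywhere  tcp flags:!FIN,SYN,RST,ACK/SYN state NEW  reject-with tcp-reset
DROP  all  --  anywhere  anywhere  state INVALID
ACCEPT  all  --  anywhere  anywhere
DROP  tcp  --  server1.agrawebhosting.com  anywhere
DROP  all  --  anywhere  anywhere

Chain f2b-plesk-wordpress (1 references)
target  prot opt source  destination
REJECT  all  --  server1.agrawebhosting.com  anywhere  reject-with icmp-port-unreachable
RETURN  all  --  anywhere  anywhere
"""

Rule = namedtuple("Rule", "target proto source extra")

@dataclass
class Packet:                                   # assumed packet model for the walk
    proto: str
    src: str
    dport: int
    state: str = "NEW"                          # conntrack state of the packet
    flags: frozenset = frozenset({"SYN"})       # TCP flags set on the packet

def parse_listing(text):
    """Return {chain: (policy, [Rule, ...])}; policy is None for user chains."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if m:
            current = m.group(1)
            chains[current] = (m.group(2), [])
        elif current and line.strip() and not line.startswith("target"):
            parts = line.split(None, 5)          # destination column is not modelled
            chains[current][1].append(
                Rule(parts[0], parts[1], parts[3], parts[5] if len(parts) > 5 else ""))
    return chains

def _port(name):
    return int(name) if name.isdigit() else SERVICE_PORTS[name]

def matches(rule, pkt):
    """True if PKT satisfies every criterion that is visible in RULE's -L line."""
    if rule.proto not in ("all", pkt.proto):
        return False
    if rule.source != "anywhere" and REVERSE_NAMES.get(rule.source, rule.source) != pkt.src:
        return False
    toks = rule.extra.split()
    for i, tok in enumerate(toks):
        if tok == "dports" and pkt.dport not in {_port(p) for p in toks[i + 1].split(",")}:
            return False
        if tok.startswith("dpt:") and pkt.dport != _port(tok[4:]):
            return False
        if tok == "state" and pkt.state not in toks[i + 1].split(","):
            return False
        if tok.startswith("flags:"):             # e.g. flags:!FIN,SYN,RST,ACK/SYN
            negate = tok[6:].startswith("!")
            mask, comp = tok[6:].lstrip("!").split("/")
            hit = (pkt.flags & set(mask.split(","))) == set(comp.split(","))
            if hit == negate:
                return False
    return True

def verdict(chains, pkt, chain="INPUT"):
    """First-match walk: (target, chain, rule index), or the chain policy."""
    policy, rules = chains[chain]
    for idx, rule in enumerate(rules):
        if not matches(rule, pkt):
            continue
        if rule.target == "RETURN":
            return None
        if rule.target in chains:                # jump into a user-defined chain
            result = verdict(chains, pkt, rule.target)
            if result is not None:
                return result
            continue                             # the chain RETURNed: keep walking here
        return rule.target, chain, idx
    return (policy, chain, None) if policy else None

def opaque_terminal_rules(chains):
    """Terminal rules with no criteria visible in -L output; -L without -v hides
    interface matches such as -i lo, so re-list with `-L -n -v --line-numbers`."""
    return [(name, idx, r.target)
            for name, (_policy, rules) in chains.items()
            for idx, r in enumerate(rules)
            if r.proto == "all" and r.source == "anywhere" and not r.extra
            and r.target not in chains and r.target != "RETURN"]

if __name__ == "__main__":
    chains = parse_listing(LISTING)
    for pkt in (Packet("tcp", "78.142.63.72", 80), Packet("tcp", "78.142.63.72", 22)):
        print(pkt.dport, verdict(chains, pkt))
    print("opaque:", opaque_terminal_rules(chains))
```

Running it reports port 80 from the attacker as REJECT in f2b-plesk-wordpress (rule 0) and port 22 as ACCEPT at INPUT rule 4, the criteria-less ACCEPT, which means the DROP rule behind it is never consulted for anything that reaches that point; `opaque_terminal_rules` lists exactly the rules whose true scope `-L` cannot show.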