
Plesk Server Crash and other issues

Richieboydev

Basic Pleskian
Hey everyone,

I had a crash the other night, the first one in months. I have also been having my Plesk Server shut down almost nightly.

Today right now I see hundreds if not thousands of these

Dec 8 10:19:07 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:09 talkdevelopment rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting
Dec 8 10:19:14 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:15 talkdevelopment rsyslogd-2177: imuxsock lost 16 messages from pid 19177 due to rate-limiting
Dec 8 10:19:20 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:21 talkdevelopment rsyslogd-2177: imuxsock lost 42 messages from pid 19177 due to rate-limiting
Dec 8 10:19:35 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:43 talkdevelopment rsyslogd-2177: imuxsock lost 393 messages from pid 19177 due to rate-limiting
Dec 8 10:19:45 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:50 talkdevelopment rsyslogd-2177: imuxsock lost 205 messages from pid 19177 due to rate-limiting
Dec 8 10:19:54 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:56 talkdevelopment rsyslogd-2177: imuxsock lost 96 messages from pid 19177 due to rate-limiting
Dec 8 10:19:59 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:03 talkdevelopment rsyslogd-2177: imuxsock lost 231 messages from pid 19177 due to rate-limiting
Dec 8 10:20:13 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:15 talkdevelopment rsyslogd-2177: imuxsock lost 97 messages from pid 19177 due to rate-limiting
Dec 8 10:20:19 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:24 talkdevelopment rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting



But what scared me earlier were these:

Dec 7 03:43:56 talkdevelopment rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="3281" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Dec 7 04:12:28 talkdevelopment xinetd[5173]: START: ftp pid=28508 from=::ffff:58.254.168.10
Dec 7 04:12:28 talkdevelopment proftpd[28508]: processing configuration directory '/etc/proftpd.d'
Dec 7 04:12:32 talkdevelopment proftpd[28508]: REMOVED (58.254.168.10[58.254.168.10]) - FTP session opened.
Dec 7 04:12:33 talkdevelopment proftpd[28508]: REMOVED (58.254.168.10[58.254.168.10]) - FTP session closed.
Dec 7 04:12:33 talkdevelopment xinetd[5173]: EXIT: ftp status=0 pid=28508 duration=5(sec)
Dec 7 04:12:33 talkdevelopment xinetd[5173]: START: ftp pid=28512 from=::ffff:58.254.168.10
Dec 7 04:12:33 talkdevelopment proftpd[28512]: processing configuration directory '/etc/proftpd.d'
Dec 7 04:12:34 talkdevelopment proftpd[28512]: 74.208.174.18 (58.254.168.10[58.254.168.10]) - FTP session opened.
Dec 7 04:12:35 talkdevelopment proftpd[28512]: ###### (58.254.168.10

I removed my IP. Is someone attacking my FTP? I should have this closed and also be protected by fail2ban. I am really nervous about this.

Can anyone please share some insight?

Thanks so much,
Rich
 
Hi Richieboydev,

for your first issue, please read this article:


For your second issue, be aware that Fail2Ban only bans failed login attempts after a defined amount in your configuration - let's say you have defined a pre-defined Plesk jail "plesk-proftpd", then it should be "maxretry = 5", after which failed login attempts are banned per IP.

What do you mean when you write "I should have this closed"?

Don't be nervous about attacks, they are absolutely normal on public servers with open ports, because kiddies like to play.
 
Thanks,

I mean the port should be closed and open only to me, but apparently I messed that up in the firewall.

I understand the attacks are just part of the game, but when they cause my server to crash or overload I get nervous.

I will see if I can adjust the jails again as they are filling up very fast now. I have 125 bans since early today.

Thanks again for the reply,
Rich
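
An added example, not part of the thread or of Plesk's tooling: a small triage script for the two log patterns quoted above. It totals the messages rsyslog dropped per originating pid and counts xinetd-spawned FTP connections per source address, which shows connection volume even when no failed login is recorded for Fail2Ban to count. The sample lines, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same syslog format as the lines quoted in the thread.
# Host name and addresses are placeholders, not values from the post.
SAMPLE = """\
Dec 8 10:19:07 host rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:09 host rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting
Dec 8 10:19:15 host rsyslogd-2177: imuxsock lost 16 messages from pid 19177 due to rate-limiting
Dec 7 04:12:28 host xinetd[5173]: START: ftp pid=28508 from=::ffff:203.0.113.7
Dec 7 04:12:33 host xinetd[5173]: EXIT: ftp status=0 pid=28508 duration=5(sec)
Dec 7 04:12:33 host xinetd[5173]: START: ftp pid=28512 from=::ffff:203.0.113.7
Dec 7 04:12:40 host xinetd[5173]: START: ftp pid=28530 from=198.51.100.9
"""

LOST = re.compile(r"imuxsock lost (\d+) messages from pid (\d+) due to rate-limiting")
FTP_START = re.compile(r"xinetd\[\d+\]: START: ftp pid=\d+ from=(\S+)")


def lost_by_pid(lines):
    """Sum the messages rsyslog reports as dropped, keyed by originating pid."""
    totals = Counter()
    for line in lines:
        m = LOST.search(line)
        if m:
            totals[m.group(2)] += int(m.group(1))
    return totals


def ftp_starts_by_ip(lines):
    """Count xinetd-spawned FTP sessions per source address."""
    hits = Counter()
    for line in lines:
        m = FTP_START.search(line)
        if m:
            addr = m.group(1)
            # IPv4 clients on a dual-stack socket are logged as ::ffff:a.b.c.d
            if addr.lower().startswith("::ffff:"):
                addr = addr[len("::ffff:"):]
            hits[addr] += 1
    return hits


if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for pid, n in lost_by_pid(lines).most_common():
        print(f"pid {pid}: {n} messages dropped (identify with: ps -p {pid} -o comm=)")
    for ip, n in ftp_starts_by_ip(lines).most_common():
        print(f"{ip}: {n} FTP connections")
```

To run it against a real log, replace `SAMPLE.splitlines()` with the lines of the syslog file in question.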
 