
Stopping Brute Force Attacks

DanTron

After having a new MediaTemple (dv) 4.0 [Plesk 10.1.1] for less than a week my log files were being filled with ssh, ftp, pop3, imap, failed login attempts from IP addresses in China, Portugal, etc.

Brute Force attacks are becoming more and more common, yet Plesk 10 has no security against such attacks. Using strong passwords is a good idea but I can't enforce it for EVERY user and client... clients throw a hissy fit when they have to remember passwords like Fb*@<['-7e^( 8f

I've taken the next step and installed fail2ban to scan log files and ban IP addresses that are hammering my server.
I've got it working scanning the /var/log/secure file for failed sshd and proftpd attempts BUT

I can't find where the Plesk Admin Panel stores its log of failed attempts. I want to ban IPs that may try to brute force the Admin Panel.

1) Where does Plesk store logs for the Admin Panel?

2) WHY is there not a system already in Plesk to help with this MAJOR issue?
There should be a fail2ban equivalent in Plesk with email notification to the system admin when someone is trying to hack their system.

Any help is greatly appreciated.
Cheers
 
I asked the same question a while ago with Plesk 9.5.

It seems Plesk blocks failed admin logins after 5 attempts. I never got told for how long though :-(
Hope that still applies..


Now I have switched to Plesk 10, I just really would like to use fail2ban on ssh, ftp and mail.
 
Dan,
Where did you find the info on failed blocked attempts within Plesk?
I've tested Plesk 10.1.1 and it isn't blocking anything after any number of failed attempts... :-(
I'm trying to find a way to get fail2ban to also block failed login attempts against the Plesk Admin Panel but I can't find where Plesk stores the log files for that. :-/

Someone else has pointed me in the direction of
CSF http://configserver.com/cp/csf.html

or

APF http://www.rfxn.com/projects/advanced-policy-firewall/

which apparently have better Plesk integration than fail2ban...

I'm going to look into it.
 
Here's the thread where Igor replies with the 5 attempts block:

http://forum.parallels.com/showthread.php?t=107246

But this is for Plesk 9.5, and Igor usually is the man who knows what he is talking about..

But stupid me, I never tested it...

But I'm hiring a Linux pro later on today or tomorrow to set up fail2ban for most of the failed logins, so I will keep you posted on what he says.
 
fail2ban does nothing for me, I keep getting pounded by this US IP and it's brute forcing the Control Panel, it's way over 5 attempts and it's still not banning the attempts... I don't understand
 
Daryl,
fail2ban is more than a bit tricky to set up properly.

Where are you finding the log files showing the attempts against the Plesk Control Panel?

Also, have you thought about reporting the IP? Typically it's a hacked computer and the owners don't know it's been hacked until you report it.
 