• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Use Fail2Ban IP's in Firewall Rules

B

Ben Krause

New Pleskian
I have people beating up on my server all the time it seems. It happens so often now that I have setup Fail2Ban to block an IP for 7 days after one failed attempt for ftp/ssh/worpess etc. After a month I have 192 banned IP addresses.

I was wondering if there was a way to setup the firewall under plesk to ban those IP addresses from accessing the server at all? For example, the rule would be "block 'banned ip addresses' from accessing 'any service' on this server". This way if they try to ping the server or bring up a website that is hosted on the server, they would get no communication with the server until their IP was unbanned.

I just tested if this is a default already and it's not. I tried to login to a server ftp account with the wrong password and was banned. I then attempted to visit a website hosted on that same server on the same IP address and I was able to access it. What I'm looking for is that if I get banned because I gave a wrong ftp password, I would not be able to access website or any resources on that server from the same IP until it is unbanned.

Thanks in advance.
 
Hello,

What you are looking for you can get it just by setting the jails of each service, so that "block the ip on all ports, if that fails only on ftp", to consider, however, that the jail "recidive", blocks all Port for default:

[recidive]
enabled = true
filter = recidive
action = iptables-allports[name=recidive]
logpath = /var/log/fail2ban.log
maxretry = 5
 
Thanks, that is exactly what I was looking for. I suppose if I had read the help I would have saw that recidive explanation right at the top of the jails section of the help manual. :) Thanks again.
 
You must log in or register to reply here.

Similar threads

S
Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.
Replies
4
Views
1K
sulabhpuri
S
R
Question Disable FTP on single ip address
Replies
3
Views
322
Kaspar
K
F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
1K
TurabG
T
F
Question IPv4 forwarding rule
Replies
8
Views
380
alvarezcruz
alvarezcruz
Back
Top