
Question Was someone trying to brute force?

kek

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.59
Hi, I checked the Log Settings from Tools and Settings and got this under "System" tab:


Was someone trying to get in?
 
Sure, but that's just normal. Make sure you have the Fail2Ban jails activated so that brute-forcing won't succeed.
 
I actually have Plesk's web application firewall turned off, but does turning it off also turn off Fail2Ban?
 
WAF and Fail2Ban are independent and different things. Go to Tools & Settings > Security > IP Address Banning (Fail2Ban) to configure Fail2Ban.
 
"Enable Intrusion Detection" is enabled.

Another thing, what do I keep an eye on in the Plesk dashboard and monitor in case someone continuously floods the server?

How do I know if there is a sudden increase in resources like CPU consumption in case something is down or someone is trying to attack?
 
@kek,

In all honesty, you should simply block specific ports for the sake of security.

For instance, if you are the sysadmin and the only one required to access SSH, then use Plesk Firewall Extension to allow you access and block ALL OTHERS.

For instance, if you see any (really) suspicious activity in Fail2Ban, then permanently block the offending IPs - not via Fail2Ban, but with the Plesk Firewall AND by means of Nginx or Apache blacklist AND by means of the hosts.deny file.

It is essential that you block any offending traffic, originating from a repetitively offending IP, on ALL server levels ... and that you ban them longer as the number of offending requests (from an offending IP) increases - in the long run, you will ban a considerable number of IPs permanently: that is good!

I hope the above helps a bit.

Kind regards....
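
The escalation policy described in the reply above (longer bans for repeat offenders, permanent blocks for persistent ones), as an added example that is not part of the thread: it counts new Ban events per IP in fail2ban.log-format lines and splits the IPs into permanent-block candidates and escalating temporary bans. The sample log, the thresholds and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in fail2ban.log format (documentation-range IPs, not real data).
SAMPLE_LOG = """\
2024-03-01 10:15:32,101 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5 - 2024-03-01 10:15:31
2024-03-01 10:15:40,220 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2024-03-01 10:25:40,902 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.5
2024-03-01 11:02:11,377 fail2ban.actions        [812]: NOTICE  [plesk-postfix] Ban 203.0.113.5
2024-03-01 11:30:05,640 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-03-01 12:44:19,008 fail2ban.actions        [812]: NOTICE  [plesk-panel] Ban 203.0.113.5
2024-03-01 12:50:00,000 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 198.51.100.77
"""

# Match only fresh "Ban" actions; "Unban" and "Restore Ban" (re-applied on restart) do not match.
BAN_RE = re.compile(r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[([^\]]+)\]\s+Ban\s+(\S+)\s*$")

def count_bans(log_text):
    """Return a Counter of new Ban events per IP, summed across all jails."""
    bans = Counter()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if m:
            bans[m.group(2)] += 1
    return bans

def next_ban_seconds(previous_bans, base=600, factor=2, cap=604800):
    """Ban duration that grows with each earlier ban, capped at `cap` (assumed values)."""
    return min(base * factor ** previous_bans, cap)

def triage(log_text, permanent_after=3):
    """Split IPs into permanent-block candidates and {ip: next temporary ban in seconds}."""
    permanent, temporary = [], {}
    for ip, n in sorted(count_bans(log_text).items()):
        if n >= permanent_after:  # assumed threshold for a permanent block
            permanent.append(ip)
        else:
            temporary[ip] = next_ban_seconds(n)
    return permanent, temporary

if __name__ == "__main__":
    permanent, temporary = triage(SAMPLE_LOG)
    print("permanent block candidates:", permanent)
    for ip, secs in temporary.items():
        print(f"{ip}: next ban {secs}s")
```

The permanent-block candidates are the list to review by hand before adding them to the firewall, the web server blacklist and hosts.deny.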
 