Recent content by frg62

Hi Sebahat, Thanks a lot for your answer!

Hello, I have changed the standard ports for the Plesk interface, from 8880 and 8443 to other values (Debian 11 server). When I launch the Plesk installer (in SSH), I have a warning regarding access to these two ports. Considering that port 8447 is opened in the firewall, is it safe to proceed...

Cool, thanks for this info! :cool:

I had indeed modified plesk.conf, as instructed in: https://support.plesk.com/hc/en-us/articles/12377561753111-How-to-change-the-ports-for-the-Plesk-interface-on-Linux And reverting there to port 8880 solved the display problem. Thanks a lot! (I also deleted the lines I previously added to...

I applied the two first suggestions, they did not change anything. After a while, I still end up with the following error message: The page is not redirected correctly. An error occurred while connecting to <domain>:<modified_secured_port>. The cause of this problem may be the deactivation or...

Hello, Following continuous attacks on the Plesk panel of one of my servers (several hundreds per hour 24/7 for over a week now), I modified the access ports from 8880 and 8443 to other values. Fail2ban was doing a good job, but this modification radically reduced the attacks to... zero...

OK, thanks for the explanation. But it still does not explain why, when an IP address is jailed in recidive, other jails still detect it.

In jail.conf, I find: Default findtime = 10m recidive findtime = 1d (bantime = 1w) In jail.local: Default findtime = 600 no specific findtime in recidive: [recidive] enabled = true action = iptables-allports[name=recidive] sendmail-whois[mailcmd='/usr/sbin/sendmail -f "<sender>"...

Here is what I find in iptables: root@server:~# iptables -L -n | grep 194.0.234.230 # Warning: iptables-legacy tables present, use iptables-legacy to see them REJECT all -- 194.0.234.230 0.0.0.0/0 reject-with icmp-port-unreachable root@server:~# iptables-legacy -L -n |...

I am going to have a look at it, because presently, the address appears as jailed by 2 processes:

OK, after looking at F2B logs over a long period, I think I have finally understood how it works. It looks like each jail works in total independence. An IP address can first be jailed several times by f.i. "postfix", and "recidive" increment its counter, until it jails the attacking address...

It looks like the warning should no longer be displayed, see the results for each command line: root@server:~# iptables-legacy -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source...

No it is not: root@server:~# iptables -L -n | grep 185.226.117.240 # Warning: iptables-legacy tables present, use iptables-legacy to see them root@server:~# Yet it should be, because it was supposedly sent to Recidive 2 days ago (2025-02-24 04:31:21,413).

Hello, I have noticed that the IP addresses that are supposed to be banned in Recidive, actually still can access the server. Here is an extract from the F2B logs for a specific attacking IP address: 2025-02-23 02:36:01,726 fail2ban.filter [939832]: INFO [plesk-postfix] Found...

Because I host several domains for which the mail system is not hosted on my servers. Acting globally would create incorrect DKIM records for these domains.