Recent content by iainh

  1.

    Question Plesk firewall and preventing clashes with firewalld

    Okay, so for anyone else wandering into this post with the same issue of firewalld and Plesk firewalls running together, these are the precise steps I took to safely disable firewalld and (so far :oops:) not lock myself out of my server. The steps are detailed as a pet hate is people that...
  2.

    Question Plesk firewall and preventing clashes with firewalld

    I think the issue @manos is referring to is that someone's access to the server may be dependent on firewalld configured rules. As disabling firewalld also results in the removal of rules it has added, disabling could result in someone removing rules on which their own access relies. I have...
  3.

    Question Plesk firewall and preventing clashes with firewalld

    Yes, I'm using AlmaLinux 9.8 (Olive Jaguar) (mentioned in post header) Yes, I should have (would retest) VNS console access should things go south before I go changing too many things I presume the reference to "ssh dhcp and cokpit" by @manos is a block of all access other than (presumably)...
  4.

    Question Plesk firewall and preventing clashes with firewalld

    I have my Plesk firewall set to only permit privileged service access only from my own IP (using the "Allow from selected sources, deny from others" rule option and listing my IP). This applies to the rules for "Plesk administrative interface" (and HTTP/3 equivalent) which I take to mean port...
  5.

    Issue Multiple Failed Login Attempts via Plesk GUI

    I'm seeing this as well, one IP from a hosting provider known for bad actors, trying over and over: [Action Log] Failed login attempt with login 'root' from IP x.x.x.x My query is because... Yes, Fail2Ban and the plesk-panel jail are enabled, but it's low rate but endless More importantly, in...
  6.

    Question CVE-2026-23918, CVE-2026-24072 and update to Apache 2.4.67

    Thanks for your help and advice @Bitpalast
  7.

    Question CVE-2026-23918, CVE-2026-24072 and update to Apache 2.4.67

    dnf update run and looking better now: # dnf update Last metadata expiration check: 2:17:08 ago on Fri 08 May 2026 18:17:10 BST. Dependencies resolved. Nothing to do. Complete!
  8.

    Question CVE-2026-23918, CVE-2026-24072 and update to Apache 2.4.67

    Perfect. Thank you again. I have done this, just not applied the (test) kernel patch. I see I'm back on kernel-5.14.0-611.54.3.el9_7 (for AlmaLinux 9), so maybe I need to look into doing a more comprehensive update via sudo dnf update
  9.

    Question CVE-2026-23918, CVE-2026-24072 and update to Apache 2.4.67

    Many thanks @Bitpalast. I have reviewed that and noted it was a patch from a test repo, but it sounds like you have confidence in it. Thank you
  10.

    Question CVE-2026-23918, CVE-2026-24072 and update to Apache 2.4.67

    Thanks for this. I see: So no joy here. But, I'm not running http/2 and there are no other users on the box, so I think I'm in a reasonable position. But it would be interesting to know what is coming to 'officially' mitigate these two CVE, and yes, ploughing into a manual update brings fears...
  11.

    Question CVE-2026-23918, CVE-2026-24072 and update to Apache 2.4.67

    As a little further info... CVE-2026-23918 (CVSS score: 8.8) only applies to 2.4.66 and is in http/2 support, so I presume 2.4.62 and not enabling http/2 mean this shouldn't be an issue. And CVE-2026-24072 (also CVSS score: 8.8) permits local .htaccess authors to read files with the privileges...
  12.

    Question CVE-2026-23918, CVE-2026-24072 and update to Apache 2.4.67

    Is there any advice on updating from Apache/2.4.62 (AlmaLinux) to 2.4.67 to mitigate CVE-2026-23918 and CVE-2026-24072? Would using: break all manner of things, or will Plesk magically bring along an emergency update to mitigate these CVE and make the issue go away (as is so often the case?)...
  13.

    Input Hardening Plesk with AbuseIPDB

    Many thanks @Kaspar for your time, thoughts and advice :) Yes, I get that fail2ban is dynamic and have that locked down (maxretry = 3) to help limit things, but there is also the fail2ban 'plesk-permanent-ban' jail, although that is an all ports, TCP and UDP total ban, but you could create...
  14.

    Input Hardening Plesk with AbuseIPDB

    I am looking to remove some of the noise and brute force attempt from the maillog and would appreciate people's thoughts and experience. There seem to be three options: 1. The Plesk firewall 2. Fail2ban 3. AbuseIPDB Plesk firewall The firewall (iptables) allows me to be specific and so I...