I'm afraid I won't be able to edit this. The article is meant to jump start you and others on the topic. I am using similar settings on my servers here, but meanwhile already with a lot of changes as attacks constantly evolve.
But what you could do is to add the suggested modification as a...
I think there is something wrong with the SQLite database where the WP Toolkit extension stores some values, but it's hard to say what. If there are not too many websites on the server, maybe removing WP Toolkit and reinstalling it can help. Otherwise or if you have doubts about taking that...
Existing files managed by Plesk may be changed, but additional custom files that you create will not be touched.
There is no such hook, but why can you not let Plesk manage the certificate for you?
I must admit that I've been ignoring this and put my own config into the files anyway. The only situation where this ever needed a manual intervention was on the centos2alma upgrade when Dovecot was completely reinstalled. But many years before the configs were never changed.
If the pages really exist, you can only manually ban the IP, e.g.
# fail2ban-client set recidive banip <ip address goes here>
But if you find a file that responds with a code 200 but is actually not a valid page of the site, you could use that to detect the bot and ban it automatically.
@cloudadmin If possible, do you still know the time of the migration and the website? We'd like to check it in the server logs here. You can send the information in a private message to me.
@cloudadmin Could you please tell me the Migrator version on the source server that you have used for migration? Current versions should migrate the Sitejet key, too. Maybe it was an outdated version? You can find the version in the "Extension" on the Migrator icon.
Can you read the file on the console, like
# cat /var/www/vhosts/<your subscription domain>/httpdocs/config.ini
?
What permissions and ownership does it have?
As I understand it, your bot does not have a signature (no name) and it only crawls existing pages, correct? Are you sure that all the 200 responses are truly existing pages or might a rewrite rule in your .htaccess file respond to everything with code 200?