Recent content by regenix

Syslogs from right around the time of the Fail2Ban shutdown and flush... Oct 18 06:32:39 jello systemd[1]: Started Plesk task: Daily Maintenance: LoadCustomizations (task=6975 process=6976 trace=3780978:6712377dd8ad9). Oct 18 06:32:39 jello systemd[1]: run-plesk-task-6976.service: Deactivated...

The more I'm digging through the logs the more I'm thinking Plex system maintenance or some component of immunify disabled my firewall randomly.. and that is completely infuriating if true.

I'm including a section of the fail2ban logs the day it seems like fail2ban went down if anyone wants to analyze it. It may show evidence of a malicious script taking down my firewall but I'm not sure. Also in the Auth logs during the same time I see these two lines: Oct 18 06:33:57 jello...

Also I went back and looked through my fail2ban log archives and noticed a big amount of IP's were unbanned when they should have been perma banned. Is this a sign of malicious behavior or can this happen after a Plesk update that effects fail2ban/security modules? :(

Logged in after a couple weeks to check my server on the backend and found it this way. My plesk firewall extension was uninstalled, UFW was turned off, and Fail2Ban was missing from Plesk. Is this just an update or something to do with Plesk or was I hacked? Seriously the Fail2ban and...

So just to confirm, these are the IP addresses that we need to whitelist in our firewall in order for ordinary Plesk licensing to work? I did a who.is on a few of the IP's and the ones I looked at were all just listed as Vultr servers. Also (since I saw you mention Cloudflare) could I just get...

That's not really a direct map of what I see listed but thank you for that. I'm assuming most of them are just your standard everyday ports. Is there any documentation linking to EXACTLY what ports are used in each service listed on the firewall though?? I really wish they were just labelled on...

Just found a fantastic method for helping to get to the bottom of this. Asked GPT-4o: Hey is there a command in linux/ssh to show which method I used to logon? (If it was with a password or with a public key?) GPT's Answer: ----------- Yes, you can view the IP address associated with your...

Just as it says in the title. I am curious to know because I enable the line in sshd_config called 'PermitRootLogin prohibit-password' and that disabled password login (which is good since I can just securely login using keys generated from PuTTY). My question is does the Plesk terminal have...

The current Plesk Firewall doesn't list Port numbers. Or much information at all. Does anyone have a map as to what these services map to? Some of them are obvious like SSH server, Ping. But what is 'WWW server using HTTP/3'? Ports 80/443? I want to see port numbers. If anyone has a list as to...