Search results

Hi, is there a best practice about turn on (or leave off) SELinux with plesk ? Thank you

Hi trialotto, I already use f2b with maxretry and recidive, my question was about that even if I've adopted these two action my Dovecot gone offline for a brute force attack that send over 20 request per second! and f2b failed to manage this situation. That's why I would consider to integrate...

trialotto and mr-wolf.. Thank you both. I have two question about your explanation : a) what about performance if I configure a huge amount of IP (from various country, not only cn) ? Isn't a trouble for nginx to read every times this db? Or if I configure all "good" cidr for firewall isn't...

Hi trialotto, do you talk about firewall-cmd (package: firewalld) to use with f2b ?

Hi trialotto, can you explain how to implement the use of firewall to block specific countries ? Thank you

Hi mr-wolf, I'm happy that your country script works. I'll install firewall too asap. I've resolve the problem with f2b and ipset (it works like a charm) and now I'm trying to implement iptables --seconds 1 --hitcount 10 to some port (22, 110, 25....)

Hi mr-wolf, thank you for your support/cooperation. If it can help you, you can try to enable firewall at your side and then click on preview bottom. It show you the script (and the INPUT chain) that will be apply to the iptables. I hope that this help you (and me).

Thank you, mr-wolf. Fail2Ban is present since 12.5 under security panel from plesk. It's a service that you can activate and configure with a gui. It's a good scanner of log files (Fail2ban) and with 17.5 you have 0.9.6 version. There is a new enhanced version: 0.11.

Hi mr-wolf, so you suggest to enable plesk firewall or load a firewall like you ?

So, what you can suggest to have a "realtime" protection ? Set a number of login attempts per minute ?

Hi, I'm on CentOs 7.3 and there isn't iptables under sysconfig but ip6tables-config and iptables-config. This is the output of command # Generated by iptables-save v1.4.21 on Wed Sep 27 10:10:51 2017 *filter :INPUT ACCEPT [13:1196] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [6:540] :f2b-BadBots -...

Hi UFHH01, the problem persist if I use this action with Fail2Ban. Can you suggest something to try ? Thank you

So, if I change Fail2Ban to use ipset (and not iptables) can I further reduce this latency ?

If your customers have a staatic ip, you can put their IP in "trusted IP address" under Fail2Ban section on plesk

I've tried to use command line to create a test ipset and it works : ipset -v ipset v6.29, protocol version: 6 [root@server action.d]# ipset create f2b-iptest hash:ip timeout 3600 [root@server action.d]# ipset list Name: f2b-iptest Type: hash:ip Revision: 1 Header: family inet hashsize 1024...

Hi UFHH01, I'm in the same situation: f2bmng failed: ERROR Found no accessible config files for 'action.d/iptables-ipset-proto6-allports.conf' under /etc/fail2ban :( Edit : now it works. I've remove extension (.conf) from the action line and no errors are showed. Now I'm testing it. Edit 2: It...

Hi UFHH01, this is my situation So, my question is: why should I mod permissions ? Isn't them already ok ?

this is my error f2bmng failed: ERROR Found no accessible config files for 'action.d/iptables-ipset-proto6-allports.conf' under /etc/fail2ban ERROR Error in action definition iptables-ipset-proto6-allports.conf[name="postfix-rbl", port="smtp,smtps,submission"] ERROR Errors in jail...

I have tried these two entry in jail.local (one at time), but without success : [postfix-rbl] enabled = true filter = postfix-rbl action = iptables-ipset-proto6-allports.conf[name="postfix-rbl", port="smtp,smtps,submission"] iptables-ipset-proto4.conf[name="postfix-rbl"...

Hi UFHH01, these are the output : ls -lah /etc/fail2ban/action.d/ | grep iptables -rw-r----- 1 root root 1.5K Mar 14 2017 iptables-allports.conf -rw-r----- 1 root root 1.9K Mar 14 2017 iptables-common.conf -rw-r----- 1 root root 1.4K Sep 11 11:21 iptables.conf -rw-r----- 1 root root 1.8K Sep...