Search results

As can be seen on the attached print screen, the domain is well configured to have emails signed by DKIM, and the option selected only prevents Incoming emails. Yet server, which by the email content, does use the postfix Plesk service, does NOT sign with the DKIM key. This is found by me to...

Can I force an update after a reported failed attempt due to mis-configuration of the service? And if so, how could this be achieved / done?

This should be enabled, as the way the emails are sent, doe NOT enable adding DKIM signature, which leads them to spam, which might be a security issue. IMHO, Plesk should take more seriously ANY security exposure arising from its product, and QUICKLY enable sending srever alert emails with a...

I find the reported issue as a Plesk BUG, and not a feature request, as it poses a security risk, where one implementing a strict DMARC policy won't see an alert going to spam, or in order to get alerts, might loosen the strict DMARC security policy. I expect Plesk to provide a walk around to...

Can you please say, what was their solution?

Hi @SalvadorS, You may also read more about this kind of attack, attempt at exploiting the shellshock vulnerability, over here: https://www.johndstech.com/tag/modsecurity/ https://www.skepticism.us/posts/2015/05/new-in-your-face-malware-attacks-me-ringing-at-your-dorbell/

Hi SalvadorS, To the best of my understanding these are records of the Apache2 server being accessed via IP. This could be local server owns access, or others trying to access your server that way. The log file is: other_vhosts_access.log See that log listed on the Plesk Support KB article...

Hi Igor, Thanks! Can you please advise regarding the rate requested which is requests per time: limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; As in: Module ngx_http_limit_req_module NGINX Rate Limiting

I have managed to walk-around a problem, where I could not make the BASH script return a STDOUT value to the SecRule. I did so, by first writing BAD IPs to a log file, and then, testing in a second rule if an IP is on the file. I have also created SecRule generating sessionID. I still haven't...

SecRule needs some modification.

Eureka! It now works as a charm. The last modification needed, was the change of the script permissions to be 755: The ModSecurity rule, which currently works, fast as a lightening. Due to the broad nature of the abuseipdb, this SecRule is one of the strongest and thin cyber security...

I would adjust, so the checking of an IP would be done only once, within a timeframe. If IP is Ok, server is good. And if IP is blocked.. well, it would be blocked by the FireWall, as of its next connection... And not that this is the only server protection... However, out of the 0.1% attacks...

Hi John, Thanks. I understand this aspect, and intended to observe it, or to, some how, serve an Ok, and test the IPs off-line a few seconds later, when still relevant to their activity. However, due to the fact most attacks rotate their IPs, and rarely use them again on the same target, a...

Hi, For the last couples of days I'm struggling with having ModSecurity execute a bash script. This script dynamically checks an IP against abuseIPDB. The script works if activated as a stand alone, however fails, when called from a ModSecurity rule. When run on its own I insert a specific IP...

Hi, The below is the checking part of the referred script. I'll start checking if and how may I use it. May I ask if you would have any thoughts regarding adjustment to the below code, that will make it suitable for running via a ModSecurity rule?

Would you say, such script can be called by ModSecurity using the @inspectFile directive? https://github.com/ShaneOss/AbuseIPDB-cPanel-CSF/blob/master/checkipabuseipdb.sh

Hi Mark, Thanks! I became aware of that option, however Plesk Support recommendation is not to use CSF in parallel to the Plesk Fire Wall.

Hi, I would like to check IPs connecting ports as 80 and 443, on real-time, against data base of abusing IPs, as abuseupdb.com. I have an API key, which allows curl checks. A test may look like this: Where the results would look like this: I also use ModSecurirty, that enables LUA...

Regarding the file: Note 3: Make sure to place your API key at its bottom:

Hi, This is now possible. First create an account and get an API key from: https://www.abuseipdb.com/account The create the file: Place in the content: Note: the "" around 'comment=<matches>' were changed to single quotes ''. Note: the curl --tlsv1.2 --fail...