Search results

@LRob That fits, thank you very much! One hand washes the other :)

@Kaspar This code works fine also with IPv6: #!/bin/bash # Your AbuseIPDB API Key API_KEY="123" # File where already reported IPs are stored REPORTED_IPS_FILE="/var/log/reported_ips.log" # If the file doesn't exist, create it [ ! -f "$REPORTED_IPS_FILE" ] && touch "$REPORTED_IPS_FILE"...

@Kaspar Unfortunately, for a few days now, thousands of such bots have been sending corresponding requests to the web urls within a few hours, which places a heavy load on the CPU. These requests are contained in each of these bot IPs. And are apparently not recognized by the previous Fail2Ban...

Hey! I would like to block an IP if any of the following URLs are accessed three times. Essentially, if a bot tries to access these files multiple times, it should be automatically blocked: /wp-content/plugins/index.php /admin/function.php /wp-admin/user/network.php...

You can also simply prevent it via .htacesss or nginx directive. But with all these questions, one thing is paramount: inexperienced users do not know this. However, Plesk suggests on the help page that the WordPress Plesk jail protects against brute force. I also assumed this at first: But then...

@Maarten But not every WordPress instance is managed with WP Toolkit. That's what the Fail2bBan jails are for. So it doesn't change the actual point that many brute force attacks on servers are not recognized, but this is suggested with the jail. But thanks for the info anyway. I wasn't aware...

Acutal /etc/fail2ban/filter.d/plesk-wordpress.conf: failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200 Suggestion /etc/fail2ban/filter.d/plesk-wordpress.conf: failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200 failregex = ^<HOST>.* "POST...

Hello! I've been using the WordPress jail in Fail2Ban to protect my WordPress installations from brute-force attacks. While I appreciate the protection it offers, I recently noticed a significant gap in its coverage that raises some concerns regarding security. Specifically, I’ve observed...

Hello everyone, I have a question regarding the PHP FPM handlers and their description in the documentation. In Plesk, I see the following options for executing PHP: FastCGI application (Apache) FPM application (Apache) FPM application (nginx) Dedicated FPM application (Apache) Dedicated FPM...

If I change the settings so that PHP runs under Apache, it works. Is this the recommended way?

Hi all, I have a server running Plesk with Nginx configured as a reverse proxy in front of Apache. I have several domains hosted on this server, and I want to ensure that .htaccess rules are always enforced, especially to prevent direct access to certain PHP files. For example, I have the...

@ChristophRo I do not use the Plesk Performance Booster, or at least I have not activated it via panel.ini, as described here: (Plesk for Linux) Website Performance Optimization Could there still be problems here? I mean the problems also existed before I configured the PHP 8.2 JIT compiler...

Hello everyone, I’ve been experiencing intermittent issues where certain domains on my Plesk Obsidian (Ubuntu 22.04 LTS) instance go offline with the following error: 503 Service Unavailable Service Unavailable The server is temporarily unable to service your request due to maintenance...

Perhaps this helps? Issue - Failed to apply the firewall configuration - [ext-firewall] set to 40 seconds

Described the solution for nginx here: Issue - Failed to apply the firewall configuration - [ext-firewall] set to 40 seconds Can be similarly modified for other web servers.

My hoster has analyzed the problem with Plesk. It should be fixed with an update. Temporarily it should help to do the following: systemctl edit nginx.service Paste: ### Editing /etc/systemd/system/nginx.service.d/override.conf ### Anything between here and the comment below will become the...

Super vielen Dank, das hat geholfen. Wäre natürlich klasse, wenn die Zertifikate automatisch unter chroot laufen würden :)

@Peter Debik but I don't use WP CLI. Its a normal http Request I made here

I tried it again: My Panel.ini: [ext-firewall] confirmTimeout = 120 confirmTimeoutCli = 120 Wanted to open TCP port 8080 for everyone. Error: Now with: Plesk Obsidian Version 18.0.54 Update #2, zuletzt aktualisiert: 2. Aug. 2023 04:22:24 @Jeroen Bl I use the default ssh port - same error...

Command: curl -u user:passwd https://example.com/wp-cron.php?doing_wp_cron Error: 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (77) error setting certificate file: /etc/ssl/certs/ca-certificates.crt Checked file: [CODE]ls -l...