fail2ban

I have re-installed Fail2Ban: plesk installer --select-release-current --remove-component fail2ban (I also cleared the sqlite and other files) plesk installer --select-release-current --install-component fail2ban However, the standard Plesk jails and filters were not installed. Is there a way...

Hello good morning You already know me from this forum, I am new to the world of PLESK, I am configuring my server little by little, learning a lot. I have a question, I have IP Address Banning configured but I don't know if I have it configured correctly because looking at it I found that in...

Hi all, Do you know which program fails2ban works with under Almalinux9? Erwan

Hello, My linux level is way below beginner. Just setup my own server for development purposes. So am using fail2ban for fail ssh attempts, and I noticed that I am gettin g a lot of hits from bots in the error.log attempting to access standard login phps or pls. So I would like to add a...

Hello community! I have a custom Fail2ban filter and jail. They were both set up from the web interface, however, one of my sites encountered an issue with Google's crawlers being banned by it. Obviously they use a whole bunch of IPs which they might change so I figured the best way is to...

Hello, fail2ban always blocks the IP addresses when a certain website is accessed. in the failban log 2023-10-17 09:58:57,096 fail2ban.filter [1958]: INFO [plesk-apache] Found banned IP - 2023-10-17 09:58:57 Other entries cannot be found in other log files. It only affects this WordPress...

Hi, I'm about to buy Plesk, I'm trying it and it doesn't convince me one thing, I installed LiteSpeed but no rule was created on Fail2Ban, as it happens for Apache. Do I have to configure the jail manually? Eventually, with what rules? Thank you

Hi, I'm trying to configure an email alert on some jail, but after I have configured it I have this error on fail2ban status : Jun 29 11:07:09 server.com fail2ban-server[144124]: Server ready Jun 29 11:07:09 server.com plesk-sendmail[144203]: S144203: from=<fail2ban@server.com> to=<xxx@xxx.com>...

I have a new site up, a work in progress and I'm already seeing tons of malicious traffic. I went from relying on mod_security and fail2ban to installing imunify360 because of how much hype I saw online. Now, i'm how different Imunify360 works compared to fail2ban and I'm not convinced its...

Hi, as it was discussed in this thread (Question - New installation: best practices, useful tips, suggests) before installing Plesk on server, I have removed Fail2Ban, there was been some problems during installation. When I have reboot the server, Fail2ban was disable (I cannot start it) and I...

I've been monitoring my server logs (the realtime log browser) and even though my HW firewall is setup to only permit access to a particular set of ports (ie: apache/nginx/ftp) etc. I still see a constant stream of bots/ips/servers trying to access SSH on my server and being unsuccessful. I use...

Hi All, I have a VPS, with the provider Contabo. Their support is pretty useless, so im reaching out to the community. Every few days, my E-mail stops working across the entire server with the same error (example below) (the email addresses change). Sometimes i can get acess back briefly by...

filter: [Definition] failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200 ignoreregex = jail: [plesk-wordpress] enabled = true filter = plesk-wordpress action = iptables-multiport[name="wp-login", port="http,https", protocol="tcp"] logpath =...

Hello Community, I try to ban user with too many SASL authentication failures, the jail plesk-postfix does not seem to do this out of the box - at least I find a lot of tries in the maillog but no IP in its jail. There might be several reasons. First I'm a bit confused because I find a jail...

Hi. I have a problem with fail2ban. The fail2ban log shows this message and is banning users: I don't know which filter is causing this and how to fix it. Is there a way to update the standard-filters in plesk? Fail2ban Version: fail2ban...

My fail2ban doesn't ban this kind of records myserver courier-imaps: LOGIN FAILED, user=legaluser@example.com, ip=[::ffff:185.30.177.79], port=[3609] I see that plesk-courierimap jail should ban the ip of this record. This jail uses the filter plesk-courierlogin, which includes the regexp...

If you are blocked from your own server by Fail2Ban, you should check whether the Gmail app is running on the phone and whether IMAP/POP3 accounts are also configured there, which are collected. There may be old auth data entered and that locks you out. You may have entered this account in the...

As I only use nginx I guess it would be interesting to install for fail2ban an additional jail + filter just for nginx. Are there proposals to enhance the Plesk-fail2ban configuration for doing this?

I'm using Nextcloud and want to set its logfile to fail2ban's logpath. But when I specify the Nextcloud log(/var/www/vhosts/MYACCOUT/nextcloud/data/nextcloud.log), fail2ban gets failed. It seems that fail2ban can only be specified in /var/log or some other area. For example, I can't specify...

I want to specify the following filter in Plesk fail2ban. Even though I create it in filter management, when I create a new jail it does not appear in the menu as an option in the list of filters. I'm able to create the filter itself, but cannot specify it in new jail. How can I specify the...