• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Anacron job 'cron.daily' on server.domain (Fail2Ban Automatic Closing Problem)

claxman

claxman

New Pleskian
I receive an email every day at "03:32" with the time zone of (GMT +03:00) Europe/Istanbul. The email is sent from a mail server, and it indicates that the "IP Address Ban (Fail2Ban)" is automatically disabled at this time every night. I have to reactivate "Fail2Ban" every day.

I have attached the daily logs and email content before Fail2Ban closes. I have tried various changes for a week to determine the cause of this error. For example, I permanently deleted Fail2ban and reinstalled it from the Plesk updates section. I also changed Fail2Ban settings. However, the same problem persists.

I would be happy if you could help me with what I can do to prevent Fail2ban from automatically closing.


Mail Content:

1676806497039.png
Plesk Dashbord:

1676806434088.png

Fail2Ban Logs "/var/log/fail2ban.log":
2023-02-12 03:25:46,514 fail2ban.filter [2645835]: INFO [plesk-postfix] Found 141.98.11.146 - 2023-02-12 03:25:45
2023-02-12 03:26:25,678 fail2ban.filter [2645835]: INFO [plesk-postfix] Found 141.98.11.93 - 2023-02-12 03:26:25
2023-02-12 03:26:32,028 fail2ban.filter [2645835]: INFO [plesk-postfix] Found 141.98.10.72 - 2023-02-12 03:26:32
2023-02-12 03:27:36,153 fail2ban.server [2645835]: INFO Shutdown in progress...
2023-02-12 03:27:36,153 fail2ban.observer [2645835]: INFO Observer stop ... try to end queue 5 seconds
2023-02-12 03:27:36,207 fail2ban.observer [2645835]: INFO Observer stopped, 0 events remaining.
2023-02-12 03:27:36,233 fail2ban.server [2645835]: INFO Stopping all jails
2023-02-12 03:27:36,233 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain1.org/logs/access_log'
2023-02-12 03:27:36,246 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain1.org/logs/access_ssl_log'
2023-02-12 03:27:36,246 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/httpd/access_log'
2023-02-12 03:27:36,253 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain13.org/logs/access_log'
2023-02-12 03:27:36,253 fail2ban.filter [2645835]: ERROR Unable to get failures in /var/log/fail2ban.log
2023-02-12 03:27:36,253 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/fail2ban.log'
2023-02-12 03:27:36,253 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/plesk-roundcube/errors'
2023-02-12 03:27:36,258 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/plesk/panel.log'
2023-02-12 03:27:36,263 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain8.org/logs/error_log'
2023-02-12 03:27:36,265 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain14.org/logs/error_log'
2023-02-12 03:27:36,265 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain13.org/logs/error_log'
2023-02-12 03:27:36,265 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/httpd/error_log'
2023-02-12 03:27:36,265 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain5.org/logs/error_log'
2023-02-12 03:27:36,266 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain4.org/logs/error_log'
2023-02-12 03:27:36,271 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/maillog'
2023-02-12 03:27:36,272 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/secure'
2023-02-12 03:27:36,272 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/maillog'
2023-02-12 03:27:36,276 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/modsec_audit.log'
2023-02-12 03:27:36,280 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/secure'
2023-02-12 03:27:36,284 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain1.org/logs/access_log'
2023-02-12 03:27:36,285 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain2.org/logs/proxy_access_log'
2023-02-12 03:27:36,290 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain1.org/logs/proxy_access_ssl_log'
2023-02-12 03:27:36,291 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain1.org/logs/proxy_access_log'
2023-02-12 03:27:36,291 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain1.org/logs/access_ssl_log'
2023-02-12 03:27:36,291 fail2ban.filter [2645835]: INFO Removed logfile: '/var/log/httpd/access_log'
2023-02-12 03:27:36,291 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain13.org/logs/proxy_access_ssl_log'
2023-02-12 03:27:36,293 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain8.org/logs/access_ssl_log'
2023-02-12 03:27:36,293 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain5.org/logs/proxy_access_log'
2023-02-12 03:27:36,293 fail2ban.actions [2645835]: NOTICE [plesk-panel] Flush ticket(s) with iptables-multiport-plesk-login
2023-02-12 03:27:36,293 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain15.org/logs/access_ssl_log'
2023-02-12 03:27:36,294 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain10.org/logs/access_ssl_log'
2023-02-12 03:27:36,294 fail2ban.actions [2645835]: NOTICE [plesk-apache] Flush ticket(s) with iptables-multiport-apache
2023-02-12 03:27:36,294 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain3.org/logs/proxy_access_ssl_log'
2023-02-12 03:27:36,295 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain14.org/logs/proxy_access_log'
2023-02-12 03:27:36,295 fail2ban.filter [2645835]: INFO Removed logfile: '/var/www/vhosts/system/domain13.org/logs/access_log'
2023-02-12 03:27:36,302 fail2ban.actions [2645835]: NOTICE [plesk-dovecot] Flush ticket(s) with iptables-multiport
2023-02-12 03:27:36,359 fail2ban.actions [2645835]: NOTICE [plesk-roundcube] Flush ticket(s) with iptables-multiport
2023-02-12 03:27:36,367 fail2ban.actions [2645835]: NOTICE [plesk-apache-badbot] Flush ticket(s) with iptables-multiport-BadBots
2023-02-12 03:27:36,378 fail2ban.actions [2645835]: NOTICE [plesk-wordpress] Flush ticket(s) with iptables-multiport
2023-02-12 03:27:36,413 fail2ban.actions [2645835]: NOTICE [plesk-proftpd] Flush ticket(s) with iptables-multiport
2023-02-12 03:27:36,428 fail2ban.actions [2645835]: NOTICE [ssh] Flush ticket(s) with iptables
2023-02-12 03:27:36,455 fail2ban.actions [2645835]: NOTICE [plesk-modsecurity] Flush ticket(s) with iptables-multiport
2023-02-12 03:27:36,466 fail2ban.actions [2645835]: NOTICE [plesk-postfix] Flush ticket(s) with iptables-multiport
2023-02-12 03:27:36,906 fail2ban.actions [2645835]: NOTICE [recidive] Flush ticket(s) with iptables-allports
2023-02-12 03:27:36,910 fail2ban.actions [2645835]: NOTICE [recidive] Unban 202.55.132.190
2023-02-12 03:27:36,910 fail2ban.actions [2645835]: NOTICE [recidive] Unban 109.206.240.159
2023-02-12 03:27:36,910 fail2ban.actions [2645835]: NOTICE [recidive] Unban 141.98.10.76
2023-02-12 03:27:36,910 fail2ban.actions [2645835]: NOTICE [recidive] Unban 193.56.29.178
2023-02-12 03:27:36,911 fail2ban.actions [2645835]: NOTICE [recidive] Unban 87.246.7.229
2023-02-12 03:27:36,911 fail2ban.actions [2645835]: NOTICE [recidive] Unban 185.254.37.138
2023-02-12 03:27:37,501 fail2ban.jail [2645835]: INFO Jail 'plesk-apache-badbot' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'recidive' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-roundcube' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-panel' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-apache' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-dovecot' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'ssh' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-postfix' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-modsecurity' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-proftpd' stopped
2023-02-12 03:27:37,502 fail2ban.jail [2645835]: INFO Jail 'plesk-wordpress' stopped
2023-02-12 03:27:37,503 fail2ban.database [2645835]: INFO Connection to database closed.
2023-02-12 03:27:37,503 fail2ban.server [2645835]: INFO Exiting Fail2ban
Click to expand...
 

Attachments

  • 1676806497039.png
    1676806497039.png
    161.4 KB · Views: 9
This is an issue with the daily updates of the Atomic Advanced ModSecurity rule sets.

I'm not sure if this is a known issue. @Peter Debik Can you check this, please?
 
Yes, the same issue occured with another user a couple of years ago. Fail2ban is stopped by firewalld, and that again is probably stopped by something that Atomic does or an incompatible add-on on the server. But it is impossible to say if that is the same cause here as we don't know what is installed on the system. I don't think that this should be handled in a forum dialogue, it's just a too complex multi-step action that is required, including temporary debug mode, fail2ban wrapper to get a process list output and further tests to check the root cause on the server.

@claxman I suggest to let support engineers to that on your server directly. Please refer them to PPS-9729, former ticket 260854 and article 360017100680 for quicker access to what needs to get checked.
support.plesk.com

How to get support directly from Plesk?

Question How to get support directly from Plesk? Answer Lease-type Plesk licenses purchased directly from Plesk running on supported Plesk version include full free support. Perpetual-type license...
support.plesk.com support.plesk.com
 
I think that's a separate issue, as this one is easy to reproduce:
Code: 
[root@server cron.daily]# ./aum_nightly.sh
[root@server cron.daily]# panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7f6de1]

goroutine 1 [running]:
awp/awp_components/c_ossec.RulesXMLParse({0x933a84, 0x20})
    /builddir/build/BUILD/aum/src/awp/awp_components/c_ossec/RulesXMLParse.go:18 +0xc1
awp.rules_hids_state_update_base()
    /builddir/build/BUILD/aum/src/awp/awp.rules.hids.go:27 +0x3a
awp.RulesHidsStateUpdateBase(...)
    /builddir/build/BUILD/aum/src/awp/awp.rules.hids.go:19
main.report_init()
    /builddir/build/BUILD/aum/src/bin/aum_nightly.go:139 +0x19b
main.main()
    /builddir/build/BUILD/aum/src/bin/aum_nightly.go:45 +0x2e

Do you want me to report this as a bug?
 
Peter Debik said:
Yes, the same issue occured with another user a couple of years ago. Fail2ban is stopped by firewalld, and that again is probably stopped by something that Atomic does or an incompatible add-on on the server. But it is impossible to say if that is the same cause here as we don't know what is installed on the system. I don't think that this should be handled in a forum dialogue, it's just a too complex multi-step action that is required, including temporary debug mode, fail2ban wrapper to get a process list output and further tests to check the root cause on the server.

@claxman I suggest to let support engineers to that on your server directly. Please refer them to PPS-9729, former ticket 260854 and article 360017100680 for quicker access to what needs to get checked.
support.plesk.com

How to get support directly from Plesk?

Question How to get support directly from Plesk? Answer Lease-type Plesk licenses purchased directly from Plesk running on supported Plesk version include full free support. Perpetual-type license...
support.plesk.com support.plesk.com
Click to expand...

maartenv said:
I think that's a separate issue, as this one is easy to reproduce:
Code: 
[root@server cron.daily]# ./aum_nightly.sh
[root@server cron.daily]# panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x7f6de1]

goroutine 1 [running]:
awp/awp_components/c_ossec.RulesXMLParse({0x933a84, 0x20})
    /builddir/build/BUILD/aum/src/awp/awp_components/c_ossec/RulesXMLParse.go:18 +0xc1
awp.rules_hids_state_update_base()
    /builddir/build/BUILD/aum/src/awp/awp.rules.hids.go:27 +0x3a
awp.RulesHidsStateUpdateBase(...)
    /builddir/build/BUILD/aum/src/awp/awp.rules.hids.go:19
main.report_init()
    /builddir/build/BUILD/aum/src/bin/aum_nightly.go:139 +0x19b
main.main()
    /builddir/build/BUILD/aum/src/bin/aum_nightly.go:45 +0x2e

Do you want me to report this as a bug?
Click to expand...

Thanks for your answers.
 
Hi there,
I'm having exactly having the same issue on my server. In the ModSecurity module, I'm also using the Atomic ruleset, although the Standard (free) version. I also tried removing and reinstalling the Fail2Ban module, but this didn't work. Today I switched to Comodo free ruleset. Lets see if this helps.
If any updates are on this matter, would you please let me know?
Thanks!
 
I just received a message from Plesk Support that the issue has been escalated to the Plesk developer's team. I will keep you informed once I receive a reply from Plesk Support.
 
Hiljo_Lodewijk said:
Merhaba,
Tam olarak aynı sorunu sunucumda yaşıyorum. ModSecurity modülünde, Standart (ücretsiz) sürüm olmasına rağmen Atomic kural setini de kullanıyorum. Fail2Ban modülünü kaldırıp yeniden yüklemeyi de denedim ama bu işe yaramadı. Bugün Comodo ücretsiz kural setine geçtim. Bunun yardımcı olup olmadığını görelim.
Bu konuyla ilgili bir gelişme olursa lütfen beni bilgilendirir misiniz?
Teşekkürler!
Click to expand...

1676925904003.png


I tried both options. Error. I turned off "ModSecurity" completely. I'll get back to you about the situation tomorrow.
1676925941260.png
 
Hiljo_Lodewijk said:
Hi there,
I'm having exactly having the same issue on my server. In the ModSecurity module, I'm also using the Atomic ruleset, although the Standard (free) version. I also tried removing and reinstalling the Fail2Ban module, but this didn't work. Today I switched to Comodo free ruleset. Lets see if this helps.
If any updates are on this matter, would you please let me know?
Thanks!
Click to expand...
1676939606513.png

It always disables Fail2ban at the same time.
 
Plesk has investigated the issue on our servers and returned the results to Atomic. Atomic has confirmed this problem and will release an update as early as the end of next week. Afterward, the issue should no longer be observed.

In the meantime, you might disable/turn off the cron task "/etc/cron.daily/aum_nightly.sh" to avoid receiving notifications about this issue or wait for the update to be released.
 
There is ongoing correspondence. Plesk has disabled Atomic rulesets on new installations temporarily. Atomic had provided two fixes, but as far as I know neither completely resolved the issues. It is being worked on, no ETA yet.
 
You must log in or register to reply here.

Similar threads

F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
461
W4ru
W
I
Question Mail fail
Replies
0
Views
770
ivanes82
I
W
Issue scheduled task ERROR | /opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/wp-toolkit/scripts/instances-auto-update.php'
Replies
3
Views
3K
Wolfgang Reidlinger
W
A
Question Upgrade Almalinux 8 to 9 with Plesk installed
Replies
6
Views
4K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top