Ban IP after X login attempts

[EgidijusS]

Yes. I agree with You. If is certain number of failed logins from the same IP. Need to ban that IP.

 

[wverboom]

i hope something gonna be added soon!

 

[Nikolay.]

If anybody's still unaware, there's a Fail2Ban integration in the Plesk preview, which does just that. Go check it out.

 

[Jay Versluis]

Since Plesk 12 isn't ready for prime time yet, I have another solution which works wonders to keep those pesky hackers out: OSSEC.

It works exactly like fail2ban, it's open source, and can be installed via the atomic repo. You can get it from http://ossec.net. I've written some instructions on how to install it here: http://wpguru.co.uk/2011/11/how-to-install-ossec-hids/

It works well with Plesk and is available for Windows too.

 

[SibProgrammer]

If you want such feature for older versions, you can create event handler, track cp_user_login_failed, cp_user_api_login_failed events, store attempts to some file and check it via fail2ban.

P.S. Info on how to create event handler: http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-api-read-me-first/68703.htm

 

[ganastasiou]

A better solution for brute-force attacks in every service, is CSF+LFD. You can define custom logs and it's not that difficult to create your own regexp. Also for roundcube(i prefer it to horde) i use rcguard(captcha plugin) to prevent automated scripts who try to find password/or usernames using webmail.

 

[danami]

A better solution for brute-force attacks in every service, is CSF+LFD. You can define custom logs and it's not that difficult to create your own regexp. Also for roundcube(i prefer it to horde) i use rcguard(captcha plugin) to prevent automated scripts who try to find password/or usernames using webmail.

Take a look at our Juggernaut Security and Firewall protect (The link is in the Parallels 3rd party solutions and extensions folder). Its based off of CSF but now has deep integration with Plesk. We have done all the hard work for you! PM me if you are on a budget and I'll save you some money with a coupon code.

 

[ganastasiou]

Take a look at our Juggernaut Security and Firewall protect (The link is in the Parallels 3rd party solutions and extensions folder). Its based off of CSF but now has deep integration with Plesk. We have done all the hard work for you! PM me if you are on a budget and I'll save you some money with a coupon code.

And why would i want that, when i can use it without paying?

 

[danami]

Juggernaut Security and Firewall

1. It includes a modsecurity audit log viewer.
2. Re-written all the login failure regex and process ignore patterns to support Plesk (many origional regex didn't work with plesk although and I've submitted the fixes to Chirpy the developer of CSF).
3. Much better GUI with deep integration with Plesk and a full audit log for all actions.
4. Full i18n support for multiple languages and themeable using jquery themebuilder.
5. Optimized support for ipv6 including Geolocation lookups.
6. Customizable dashboard, write your own dashboard widgets or report plugins.
7. Many many more.

 

[danami]

And why would i want that, when i can use it without paying?

Double check your LFD mail/courier regex because the defaults don't work with Plesk. PM me if you want and I'll give you the fixes for CSF.

 

[ganastasiou]

Double check your LFD mail/courier regex because the defaults don't work with Plesk. PM me if you want and I'll give you the fixes for CSF.

Thanks but i know that CSF/LFD doesn't support postfix, i have create my own regexp(in regex.custom.pm), also for proftpd/ssh doesn't work quite well with the counter using the default one, i have fixed this one.

And soon i will make some more adjustment to work with panel logs and roundcube/horde logs, instead of the rcguard plugin i use for captcha.(if you have the regular expressions and you want to share them, paste them here)

 

[danami]

(if you have the regular expressions and you want to share them, paste them here)

Here are some of the regex for the plesk 12 panel, horde and Roundecube. The fixes for postfix, qmail, and courer-imap should make their way into the next version of CSF:

http://docs.danami.com/article/AA-0.../15.-Login-Failure-Blocking-Custom-Regex.html

 

[ganastasiou]

Here are some of the regex for the plesk 12 panel, horde and Roundecube. The fixes for postfix, qmail, and courer-imap should make their way into the next version of CSF:

http://docs.danami.com/article/AA-0.../15.-Login-Failure-Blocking-Custom-Regex.html

Thanks, i appreciate that. I didn't mean to offend you before, i respect your work in embedding csf/lfd in plesk panel(in cpanel/whm where already implemented), but i am familiar with shell so i can live without that.

Thanks again for the regexps i was missing.

 

[ganastasiou]

Here are some of the regex for the plesk 12 panel, horde and Roundecube. The fixes for postfix, qmail, and courer-imap should make their way into the next version of CSF:

http://docs.danami.com/article/AA-0.../15.-Login-Failure-Blocking-Custom-Regex.html

Thanks, i appreciate that. I checked your work in implementing web interface for CSF/LFD, good work!

 

[IgorG]

Please be informed, now it is possible to BAN a client IP IF Plesk detects authentication failures in admin CP.
Thanks to newly integrated third-party, Fail2Ban. It has set of jails that cover both Plesk hosting services and Plesk core: ssh, mail, web, ftp, Plesk CP, etc.

 

[ganastasiou]

Please be informed, now it is possible to BAN a client IP IF Plesk detects authentication failures in admin CP.
Thanks to newly integrated third-party, Fail2Ban. It has set of jails that cover both Plesk hosting services and Plesk core: ssh, mail, web, ftp, Plesk CP, etc.

Exactly what csf/lfd does, but i don't have to wait for v12.