
Brute Force Attacks

DanTron

New Pleskian
My Plesk 10.1.1 server is now CONSTANTLY being hammered for failed ssh, ftp, imap, pop3, smtp login attempts.
The attacks come from IPs all over: China, Portugal, Mexico, Uzbekistan, etc.

I've installed fail2ban to block ssh and ftp...

BUT something like fail2ban should be in Plesk. Brute Force attacks are VERY common these days.

There should be something in Plesk to auto-ban IP addresses that fail login attempts more than X times in X minutes ON ANY SERVICE (ssh, ftp, imap, pop3, smtp, Plesk Admin Panel, etc.)

AND it should notify the sys-admin via email what IPs are being banned, geo-locate the IPs, and allow the admin to override a ban or remove an IP ban when a client just messes up too many times, or manage a whitelist/blacklist.
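
The rule the post above asks for (ban an IP once it fails X logins within X minutes, counted across every service, with a whitelist override), as an added example that is not part of the original post and is not fail2ban's or Plesk's code. The log formats are simplified, the sample lines are constructed, and `find_bans` with its parameters is a hypothetical name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

IP = r"(?P<ip>\d+\.\d+\.\d+\.\d+)"
# Simplified failure patterns, one per service; adapt them to your real logs.
FAIL_PATTERNS = [re.compile(p) for p in (
    r"sshd.*Failed password for .* from " + IP,
    r"proftpd.*\[" + IP + r"\].*Login failed",
    r"(?:imapd|pop3d).*LOGIN FAILED.*ip=\[(?:::ffff:)?" + IP + r"\]",
    r"postfix/smtpd.*\[" + IP + r"\]: SASL \w+ authentication failed",
)]

def find_bans(lines, max_fails=3, window=timedelta(minutes=10), whitelist=()):
    """Return {ip: time the ban triggered} for every IP that reaches
    max_fails failed logins, counted across all services, inside window."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent failures
    bans = {}
    for line in lines:
        stamp, _, rest = line.partition(" ")
        match = next((m for m in (p.search(rest) for p in FAIL_PATTERNS) if m), None)
        if match is None:
            continue  # not a failed login
        ip = match.group("ip")
        if ip in whitelist or ip in bans:
            continue  # admin override, or already banned
        when = datetime.fromisoformat(stamp)
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] > window:  # drop failures older than the window
            seen.popleft()
        if len(seen) >= max_fails:
            bans[ip] = when
    return bans

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE = [
    "2011-05-01T10:00:00 sshd[911]: Failed password for root from 203.0.113.7 port 4242 ssh2",
    "2011-05-01T10:01:00 imapd: LOGIN FAILED, user=info, ip=[::ffff:203.0.113.7]",
    "2011-05-01T10:02:00 proftpd[77]: host (203.0.113.7[203.0.113.7]) - USER admin (Login failed)",
    "2011-05-01T10:03:00 sshd[912]: Failed password for bob from 198.51.100.9 port 5151 ssh2",
    "2011-05-01T10:30:00 sshd[913]: Failed password for bob from 198.51.100.9 port 5152 ssh2",
    "2011-05-01T10:31:00 pop3d: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.9]",
    "2011-05-01T10:32:00 postfix/smtpd[5]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed",
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE, whitelist={"192.0.2.50"}).items():
        print(f"ban {ip}: threshold reached at {when}")
```

Because failures are counted per IP rather than per service, the first address is banned after one ssh, one imap and one ftp failure, while the second stays under the threshold: its first failure falls outside the 10-minute window by the time the next two arrive.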
 
Block some ports and get secured by PCI Compliance

Hi,

* As I read, you should block port 22 first. Do this by disabling root access and changing the port number in the sshd config file.
Set up your firewall, then go to Virtuozzo or Parallels Automation, select the firewall and change your ssh port number.

* Follow the instructions at http://download1.parallels.com/Plesk/PP10/10.3.1/Doc/en-US/online/plesk-pci-compliance-guide.
Now you should be safe for a time.

Good luck!
 
Try to use a better firewall that is integrated into PLESK. Use CSF or APF; those are good enough.
 