Facebook
TwitterMy Plesk 10.1.1 server is now CONSTANTLY being hammered for failed ssh, ftp, imap, pop3, smtp login attempts.
The attacks come from IPs all over; China, Portugal, Mexico, Uzbekistan, etc.
I've installed fail2ban to block ssh and ftp...
BUT something like fail2ban should be in Plesk. Brute Force attacks are VERY common these days.
There should be something in Plesk to auto-ban IP address that fail login attempts more than X times in X minutes ON ANY SERVICE (ssh, ftp, imap, pop3, smtp, Plesk Admin Panel, etc.)
AND it should notify the sys-admin via email what IP's are being banned, geo-locate the IPs, and allow the admin to override a ban or remove an IP ban when a client just messes up too many times or manage a whitelist/blacklist.
The attacks come from IPs all over; China, Portugal, Mexico, Uzbekistan, etc.
I've installed fail2ban to block ssh and ftp...
BUT something like fail2ban should be in Plesk. Brute Force attacks are VERY common these days.
There should be something in Plesk to auto-ban IP address that fail login attempts more than X times in X minutes ON ANY SERVICE (ssh, ftp, imap, pop3, smtp, Plesk Admin Panel, etc.)
AND it should notify the sys-admin via email what IP's are being banned, geo-locate the IPs, and allow the admin to override a ban or remove an IP ban when a client just messes up too many times or manage a whitelist/blacklist.
