Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion -
Inviting everyone to the UX test of a new security feature in the WP Toolkit
For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.
Paul Ellison
Basic Pleskian
Is the following KB article of any use?
http://kb.odin.com/en/1418
http://kb.odin.com/en/1418
dopeboy
Basic Pleskian
maybe the problem is cause i'm using cloudflare?!
Code:
root@panel:~# service courier-imapd start
courier-imapd: unrecognized service
You have Dovecot POP3/IMAP server instead of Courier-Imap. First of all, make sure that ports 110 and 143 are not firewalled on your server. Also, investigation error messages related to Dovecot in /var/log/maillog would be very useful for troubleshooting this issue.
@dopeboy,
It is certainly not very likely that CloudFlare has anything to do with the problem: the default configuration of CloudFlare ascertains that mail traffic bypasses the CDN and it´s cache.
Simply stated, CloudFlare does not handle mail traffic and sends it to the mail server in question.
I would recommend that you try to create a second (new) mailbox for the same domain, in which the (troublesome) old mailbox exists.
Then do the following:
a) try send a mail from gmail to the new mailbox,
b) try to send a mail from the new to old mailbox,
c) try to send a mail from the old to new mailbox,
and analyse the results.
If steps b and c are working, everything is fine on the mail server side, but somehow gmail gets blocked.
If step c is working (and step b is not), then something has been wrong with the old mailbox.
If step a is working, well, just use the new mailbox instead (that is the most convenient "work-around", not an actual solution).
Anyway, the above helps to reduce the number of potential causes for your mail problem.
Let me know the results and then we can have a further look.
Regards....
PS Also make sure that you follow the advice of @IgorG: check for firewall related blocks of IPs and/or have a look at the maillog. Please provide the relevant output of the maillog file, that concerns the log lines associated with the execution of steps a to c.
It is certainly not very likely that CloudFlare has anything to do with the problem: the default configuration of CloudFlare ascertains that mail traffic bypasses the CDN and it´s cache.
Simply stated, CloudFlare does not handle mail traffic and sends it to the mail server in question.
I would recommend that you try to create a second (new) mailbox for the same domain, in which the (troublesome) old mailbox exists.
Then do the following:
a) try send a mail from gmail to the new mailbox,
b) try to send a mail from the new to old mailbox,
c) try to send a mail from the old to new mailbox,
and analyse the results.
If steps b and c are working, everything is fine on the mail server side, but somehow gmail gets blocked.
If step c is working (and step b is not), then something has been wrong with the old mailbox.
If step a is working, well, just use the new mailbox instead (that is the most convenient "work-around", not an actual solution).
Anyway, the above helps to reduce the number of potential causes for your mail problem.
Let me know the results and then we can have a further look.
Regards....
PS Also make sure that you follow the advice of @IgorG: check for firewall related blocks of IPs and/or have a look at the maillog. Please provide the relevant output of the maillog file, that concerns the log lines associated with the execution of steps a to c.
dopeboy
Basic Pleskian
hello thanks for support but i can answer for this now
i have a new problem, my server is under ddos attack, i have install a script DDoS deflate, my server is up and network is not going down now. but i have one problem
if i visit my ip is up
but if i try to login on port 8443 <-- plesk panel
i can't login looks like is down or closed!
any idea how to fix this?
help me please!
EDTI: " This problem is solved just port was closed on csf.conf now is working "
I will start with email problem and i will come back to reply about this
i have a new problem, my server is under ddos attack, i have install a script DDoS deflate, my server is up and network is not going down now. but i have one problem
if i visit my ip is up
but if i try to login on port 8443 <-- plesk panel
i can't login looks like is down or closed!
any idea how to fix this?
Code:
root@my:~# service psa status
is running
root@my:~# service psa stopall
Stopping tomcat service... unused
Stopping apache service... done
Stopping virusfilter service... not installed
Stopping spamfilter service... done
Stopping mailer service... done
Stopping named service... done
Stopping mysql service... done
Stopping sw_cp_server service... done
Stopping sw_engine service... done
root@my:~# service psa startall
Starting sw_engine service... invoke-rc.d: initscript sw-engine, action "status" failed.
done
Starting sw_cp_server service... invoke-rc.d: initscript sw-cp-server, action "status" failed.
done
Starting mysql service... already started
Starting named service... done
Starting mailer service... done
Starting spamfilter service... invoke-rc.d: initscript spamassassin, action "status" failed.
done
Starting tomcat service... unused
Starting apache service... done
Starting superserver service... already started
root@my:~# service nginx status
[ ok ] nginx is running.
root@my:~# service apache2 status
Apache2 is running (pid 12419).
root@my:~#
root@my:~# nmap localhost
Starting Nmap 6.00 ( http://nmap.org ) at 2016-02-27 10:38 GMT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
rDNS record for 127.0.0.1: m***
Not shown: 985 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
106/tcp open pop3pw
110/tcp open pop3
143/tcp open imap
465/tcp open smtps
783/tcp open spamassassin
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
5432/tcp open postgresql
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
root@my:~#
root@my:~# csf -p
Ports listening for external connections and the executables running behind them:
Port/Proto Open Conn PID/User Command Line Executable
21/tcp 4/6 - (2632/root) /usr/sbin/xinetd -pidfile /var/run/x... /usr/sbin/xinetd
22/tcp 4/6 1 (2633/root) /usr/sbin/sshd /usr/sbin/sshd
25/tcp 4/6 - (12163/root) /usr/lib/postfix/master /usr/lib/postfix/master
53/tcp 4/6 - (11906/bind) /usr/sbin/named -t /var/named/run-ro... /usr/sbin/named
80/tcp 4/6 - (2693/root) nginx: master process /usr/sbin/nginx /usr/sbin/nginx
80/tcp 4/6 - (2694/nginx) nginx: worker process /usr/sbin/nginx
106/tcp -/- - (2632/root) /usr/sbin/xinetd -pidfile /var/run/x... /usr/sbin/xinetd
110/tcp 4/6 - (12175/root) /usr/sbin/dovecot -c /etc/dovecot/do... /usr/sbin/dovecot
143/tcp 4/6 - (12175/root) /usr/sbin/dovecot -c /etc/dovecot/do... /usr/sbin/dovecot
443/tcp 4/6 - (2693/root) nginx: master process /usr/sbin/nginx /usr/sbin/nginx
443/tcp 4/6 - (2694/nginx) nginx: worker process /usr/sbin/nginx
465/tcp 4/6 - (12163/root) /usr/lib/postfix/master /usr/lib/postfix/master
993/tcp 4/6 - (12175/root) /usr/sbin/dovecot -c /etc/dovecot/do... /usr/sbin/dovecot
995/tcp 4/6 - (12175/root) /usr/sbin/dovecot -c /etc/dovecot/do... /usr/sbin/dovecot
3306/tcp -/- - (11463/mysql) /usr/sbin/mysqld --basedir=/usr --da... /usr/sbin/mysqld
4190/tcp -/- - (12175/root) /usr/sbin/dovecot -c /etc/dovecot/do... /usr/sbin/dovecot
7080/tcp -/- - (12419/root) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7080/tcp -/- - (12444/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7080/tcp -/- - (12446/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7080/tcp -/- - (12448/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7080/tcp -/- - (12450/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7080/tcp -/- - (12452/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7080/tcp -/- - (12454/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7081/tcp -/- - (12419/root) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7081/tcp -/- - (12444/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7081/tcp -/- - (12446/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7081/tcp -/- - (12448/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7081/tcp -/- - (12450/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7081/tcp -/- - (12452/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
7081/tcp -/- - (12454/www-data) /usr/sbin/apache2 -k start /usr/lib/apache2/mpm-prefork/apache2
8080/tcp -/- - (3730/tomcat7) /usr/lib/jvm/default-java/bin/java -... /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java
8443/tcp -/- - (11761/root) sw-cp-server: master process /usr/sb... /usr/sbin/sw-cp-serverd
8443/tcp -/- - (11762/sw-cp-server) sw-cp-server: worker process /usr/sbin/sw-cp-serverd
8880/tcp -/- - (11761/root) sw-cp-server: master process /usr/sb... /usr/sbin/sw-cp-serverd
8880/tcp -/- - (11762/sw-cp-server) sw-cp-server: worker process /usr/sbin/sw-cp-serverd
53/udp 4/6 - (11906/bind) /usr/sbin/named -t /var/named/run-ro... /usr/sbin/named
68/udp -/- - (1978/root) dhclient -v -pf /run/dhclient.eth0.p... /sbin/dhclient
2057/udp -/- - (1978/root) dhclient -v -pf /run/dhclient.eth0.p... /sbin/dhclient
31693/udp -/- - (1978/root) dhclient -v -pf /run/dhclient.eth0.p... /sbin/dhclient
root@my:~#EDTI: " This problem is solved just port was closed on csf.conf now is working "
I will start with email problem and i will come back to reply about this
Last edited:
@dopeboy
You mentioned that
and from that I can derive that you use some ConfigServer based solution. Is that correct?
I would not really recommend to use ConfigServer with Plesk.
On the other hand, you mentioned that
and I have to ask whether you are using a custom script, or the Admin Ahead extension.
In general, it is really hard to defend against "true DDoS attacks" and the (free) Fail2Ban (as provided with Plesk) is just as "good" as any other script, even though it really has to be emphasized a script based solution to DDoS attacks is a "second best", when compared to a combination of a firewall and a proxy (like Nginx) with elaborate custom settings.
I would really recommend to use Fail2Ban, if and only if some of the settings are tweaked to get the most out of Fail2Ban.
The best advice I can give you: decrease the attack surface, in order to reduce the probability on and severity of DDoS attacks.
To illustrate, you have a lot of open ports on your system, some of which can probably be closed or limited to the localhost: consider the MySQL and PostgreSQL ports.
Anyway, hope the above helps a bit.
Regards.....
You mentioned that
and from that I can derive that you use some ConfigServer based solution. Is that correct?
I would not really recommend to use ConfigServer with Plesk.
On the other hand, you mentioned that
and I have to ask whether you are using a custom script, or the Admin Ahead extension.
In general, it is really hard to defend against "true DDoS attacks" and the (free) Fail2Ban (as provided with Plesk) is just as "good" as any other script, even though it really has to be emphasized a script based solution to DDoS attacks is a "second best", when compared to a combination of a firewall and a proxy (like Nginx) with elaborate custom settings.
I would really recommend to use Fail2Ban, if and only if some of the settings are tweaked to get the most out of Fail2Ban.
The best advice I can give you: decrease the attack surface, in order to reduce the probability on and severity of DDoS attacks.
To illustrate, you have a lot of open ports on your system, some of which can probably be closed or limited to the localhost: consider the MySQL and PostgreSQL ports.
Anyway, hope the above helps a bit.
Regards.....
dopeboy
Basic Pleskian
Thanks for u suggestion @trialotto
They are some kids and they are just jealous for my service. but the problem is cause my company has no protection for ddos'ers
So now i have talk with one friend and they has give me this script called "DDos Deflate" Is not Admin Ahead Extension!
Some times ddos is 100MB/s some times 2-3 GB/s, And they has ddosing me on port 22,80,21
They start 1 day ago when my server has been up without firewall, fail2ban and modsecurity,
Some times they has ddossing me on port 80 and all domains hosted by me was down!
after this they start to ddosing me on port 21 and 22. and i login on my server via serial console and i shut it down
today i start to work with it
as i say i have install this script Ddos deflate, csf + one script for iptables.
i have install psad and i have block others to use "ping" or "nmap" on server ip.
but i'm learning how to create one filter for fail2ban and psad, example if is and report from psad if anyone has try to scan server port fail2ban will make it ban
i have read this post http://webmasters.stackexchange.com/questions/30821/fail2ban-port-scanning
i have write on fail2ban conf this failregex = PORT DENIED: .* SRC=<HOST> but is not working for now.
also i have active all jails for fail2ban
failure numbers "1"
modsecurity ON
i have change my server ip. and for all domains hosted by me i'm using ipv6 not ipv4. cause they don't know how to ddos ipv6
also i have read some posts on google, for ddos protection example some people can install a proxy on my server to protect me. but i have one server from OVH which is with anti DDos and i'm reading on google maybe i find a way how to do this with my server.
My server is up for now. and i hope to stay up!
And Sorry for bad english!
They are some kids and they are just jealous for my service. but the problem is cause my company has no protection for ddos'ers
So now i have talk with one friend and they has give me this script called "DDos Deflate" Is not Admin Ahead Extension!
Some times ddos is 100MB/s some times 2-3 GB/s, And they has ddosing me on port 22,80,21
They start 1 day ago when my server has been up without firewall, fail2ban and modsecurity,
Some times they has ddossing me on port 80 and all domains hosted by me was down!
after this they start to ddosing me on port 21 and 22. and i login on my server via serial console and i shut it down
today i start to work with it
as i say i have install this script Ddos deflate, csf + one script for iptables.
i have install psad and i have block others to use "ping" or "nmap" on server ip.
but i'm learning how to create one filter for fail2ban and psad, example if is and report from psad if anyone has try to scan server port fail2ban will make it ban
i have read this post http://webmasters.stackexchange.com/questions/30821/fail2ban-port-scanning
i have write on fail2ban conf this failregex = PORT DENIED: .* SRC=<HOST> but is not working for now.
also i have active all jails for fail2ban
failure numbers "1"
modsecurity ON
i have change my server ip. and for all domains hosted by me i'm using ipv6 not ipv4. cause they don't know how to ddos ipv6
also i have read some posts on google, for ddos protection example some people can install a proxy on my server to protect me. but i have one server from OVH which is with anti DDos and i'm reading on google maybe i find a way how to do this with my server.
My server is up for now. and i hope to stay up!
And Sorry for bad english!
Similar threads
