Question Configure the Plesk Firewall vs Configure ModSecurity & Fail2ban

[CiaceNT]

Configure the Plesk Firewall vs Configure ModSecurity & Fail2ban

Hi I’ve a dilemma!
I’ve a dedicated web server with Plesk 17.8.11 and with the last upgrade I got Advisor with two firewall extension “ Plesk Firewall” and “ModSecurity & Fail2ban”.
I found documentation on the web about the different characteristics bout I still not sure about the best solution for my site and server.
I done the backup and I and I found this documentation online:

How to restore a Plesk xml.tar/xml.zip backup file on another Plesk server

If something go wrong can I use this cli command for restore until the last good setting?

 

[Brujo]

Well as allways yes Backup is good to do before changes. Another suggestion is if you are not familar with this things do not enable all at once because the advisor tells it,
step by step approache makes perhabs in your case more sense. Check if everything works after you enable a module and then make the next steps..
Also take time and read the knowledge base articles like:
How to install Plesk Firewall
How to manage firewall rules on a Plesk for Linux server

If you follow this you should not need to recover anything

 

[CiaceNT]

Thanks, today I’m busy but tomorrow I’ll try to do the configuration.

 

[CiaceNT]

Hello, I’ve a dedicated server with Centos 7.6.1810 and Plesk 17.8.11, I’ve Installed Plesk firewall and I have a lot of service open as screenshot can show you.
I just closed Samba daemon but if I use nmap for see how many ports are open I received the follow list of open port.

Host is up (0.49s latency).
Not shown: 926 filtered ports, 62 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
106/tcp open pop3pw
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
8443/tcp open https-alt

I’m need open only the necessary service for the site, http, https, ssh etc.
For example I don’t want use ftp because I prefer working with scp and I need close the “Customer & Business Manager payment gateways”, is possible because my site at the moment don’t have to recevied payment.

I’m not sure which port I have to close.

I set SMTP: 465 into the back-end of Joomla for the email.

Somebody can help me?

 

[Ales]

Looking at the screenshot and from what you've told us, set the following to deny incoming connections:
- Customer & Business Manager payment gateways
- Single Sign-on
- Mail Password Change service
- Plesk VPN.

Optionally, limit the following to accept incoming connections only from 127.0.0.1 (and ::1 if you use IPv6) but do this only if no external connections are needed for either MySQL or PostgreSQL:
- MySQL server
- PostgreSQL server.

Set the following to deny incoming connections:
- FTP server passive ports
- FTP server

but do check if the File Manager within Plesk still works afterwards. If it doesn't and you need it, try limiting both FTP items to accept incoming connections only from 127.0.0.1 (and ::1 if you use IPv6) instead.

 

[CiaceNT]

Thanks for help, have a nice day !