• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Ddos Attacks and Fail2ban

kevin722

New Pleskian
Hello, I hope I am in right place to ask this.
I am new to Plesk and I have followed the guides to resolve my problem but no luck yet.

My issue is that my website is under continuous ddos attacks from one specific country. I have tried Fail2ban but it "failed" to do the job. I am also covered by cloudflare but the attackers must have gotten through that.

I keep blocking the IPs manually through the Firewall. I don't even know how to set a range of IPs for that specific country.

Thanks in advance,
Kevin
 
Our Juggernaut Firewall product supports blocking specific countries. Let me know if you require any information.
 
I am still suffering from this problem. I know the attacks origin but I cannot add a range of ips to Plesk Firewall. Any help in how I can enter a range of IPs?
 
Hi UFHH01,
For some reason, I can't enter the article. It says "You do not have permission to view this page or perform this action."
 
Hi kevin722,

pls. wait for the approval of the new article, which should be done by a forum - administrator / moderator in a short time. ;)


Edit since we have friday ( WE ) and you might not like to wait :D, here is a copy:

There might be several situations, where you could desire to insert not only a single IP to your iptables, but as well IP Ranges. Such a goal can be easily acchieved by using "ipset" on your server:

  • Install "ipset" ( with "apt-get"/"aptitude" on Debian/Ubuntu - based systems / with "yum" on CentOS/RHEL - based systems )
  • Create a new ruleset and add single IPs or IP Ranges:
Code:
ipset -N blacklist-YOUR-DESIRED-NAME hash:net hashsize 4096 maxelem 131050

# For a single IP, use:
ipset -A blacklist-YOUR-DESIRED-NAME XXX.XXX.XXX.XXX

# For an IP Range, use:
ipset -A blacklist-YOUR-DESIRED-NAME XXX.XXX.XXX.XXX/24


iptables -N blacklist-YOUR-DESIRED-NAME
iptables -A blacklist-YOUR-DESIRED-NAME -m set --match-set blacklist-YOUR-DESIRED-NAME src -j DROP


  • Save your ruleset:
Code:
ipset save > /root/ipset_blacklist-YOUR-DESIRED-NAME
  • Restore your ruleset:
Code:
ipset restore < /root/ipset_blacklist-YOUR-DESIRED-NAME


  • Test if an IP or a IP Range exist in one of your rulesets:
Code:
ipset test XXX.XXX.XXX.XXX
ipset test XXX.XXX.XXX.XXX/24
  • Delete a single IP or an IP Range from a ruleset
Code:
ipset del ipset_blacklist-YOUR-DESIRED-NAME XXX.XXX.XXX.XXX

ipset del ipset_blacklist-YOUR-DESIRED-NAME XXX.XXX.XXX.XXX/24



For further informations about the possible command options of "ipset" or "iptables", pls. use the "--help" option string!
Code:
ipset --help

iptables --help
 
I am still suffering from this problem. I know the attacks origin but I cannot add a range of ips to Plesk Firewall. Any help in how I can enter a range of IPs?
Any effort to block a DDoS attack on the target server is a waste of time. You must liaise with your network provider to block the traffic upstream. You can build the most elaborate firewall on that server, the DDoS packets will still hit the network interface and the server will still use CPU cycles to process them.
 
Very interesting topic, thank you. But how I hate DDoS attacks, sometimes you go to an online shop, and it's brutally hung up. I used to work in a small firm as a regular worker once upon a time. When COVID-19 hit us all, we quickly went online and took orders through our website. Due to DDoS attacks it became impossible to accept orders. We had to hire a good programmer and solving the problem became very expensive for the firm, we almost went bankrupt, and then our management learned about the benefits of pre pack administrations and resold the company to other hands. I resigned and decided to start from scratch. I am now a student of information security.
 
Last edited:
Back
Top