
Does Plesk admin login block brute force attacks, or do I need fail2ban?

Dan Mikkelsen

Basic Pleskian
Hi

I have installed fail2ban and it is successfully blocking brute-force attacks on SSH, but what about brute-force attempts on the Plesk admin login? Does Plesk take some precautions on this? (If not, that might be a suggestion.) Or should 3rd party applications be used for this? I have no idea how to set up fail2ban for this (not a Linux pro, unfortunately), but it seems to be the application of choice for this.
 
Thanks, but this just lets me block specific IP addresses. What I was concerned about was whether Plesk automatically blocks attempts for some minutes or so when you have entered the wrong information enough times. Or can a person keep trying until I block him myself after checking logfiles (which isn't often)?
 
mysql> select * from misc where param='lock_attempts';
+---------------+-----+
| param         | val |
+---------------+-----+
| lock_attempts | 5   |
+---------------+-----+
1 row in set (0.00 sec)

Only 5 login attempts are allowed.
 
You should still look into using something like denyhosts, mod_evasive, fail2ban or something like that - otherwise an attacker could just keep trying once they get unlocked, or worse, keep trying forever, and the admin account will always be locked so that you can't get in anymore.
 
Have it look at the logs. I think the access_log or error_log should log failed login attempts.
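
Added example (not posted by anyone in this thread, and not Plesk or fail2ban code): a small Python replay of failed-login log lines that contrasts the account lock discussed above with per-IP banning driven by the logs. The log format, sample lines and the replay() helper are constructed for illustration, and the account lock is a simplified model that only counts failures; maxretry, findtime and bantime are named after fail2ban's jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format and lines; NOT Plesk's real log format.
LINE_RE = re.compile(r"^(\S+ \S+) login failed user=(\S+) ip=(\S+)$")
SAMPLE_LOG = "\n".join(
    [f"2024-01-01 10:00:{s:02d} login failed user=admin ip=203.0.113.9"
     for s in range(0, 60, 10)]                      # six guesses from one source
    + ["2024-01-01 10:02:00 login failed user=admin ip=198.51.100.7"]  # admin's own typo
)

def parse(log):
    """Yield (timestamp, user, ip) for every failed-login line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def replay(log, maxretry=None, findtime=600, bantime=3600, lock_attempts=5):
    """Replay attempts; return (banned {ip: expiry}, locked set of users).

    maxretry=None means no per-IP banning at all. The account lock is a
    simplified model (assumption): a user counts as locked once lock_attempts
    failures have reached the login form, whatever their source address.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps inside findtime
    failures = defaultdict(int)   # user -> failures that reached the login
    banned, locked = {}, set()
    for ts, user, ip in parse(log):
        if ip in banned and ts < banned[ip]:
            continue              # a firewall ban would have dropped this attempt
        failures[user] += 1
        if failures[user] >= lock_attempts:
            locked.add(user)
        if maxretry is None:
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned[ip] = ts + timedelta(seconds=bantime)
            window.clear()
    return banned, locked
```

Without banning, replay(SAMPLE_LOG) locks admin; with replay(SAMPLE_LOG, maxretry=3) the guessing address is banned after its third failure and the account never reaches the lock threshold. A source that rotates addresses would still reach the threshold in this model.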
 