• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question DokuWiki gets my banned from my Plesk server

V

vic666

New Pleskian
I could observe many times in the last few weeks that everytime I click around a bit more enthusiastically in DokuWiki, a private Wiki I have set up as a subdomain in Plesk, there comes a point when the page won't load anymore and I can't reach any website anymore hosted on my Plesk server.

Apparently, what happens is that I get banned. So I ssh into the server, turn off fail2ban, and everything works again.

Any idea why this is happening? Is this a matter of setting up fail2ban differently or is this an issue with DokuWiki?
 
Just some additional info: I see a couple of these messages

2020-12-06 19:03:18,124 fail2ban.filter [418]: INFO [plesk-apache] Found 185.72.69.130 - 2020-12-06 19:03:18

Before I get

2020-12-06 19:03:18,263 fail2ban.filter [418]: INFO [recidive] Found 185.72.69.130

And yes, 185.72.69.130 is the IP adress of the computer from which I'm accessing the Wiki and Plesk, respectively.
 
Look into your error_log if you find any "client denied by server configuration" entries. These would point to some files or directories that are protected through a web server rule (e.g. a rule in .htaccess). If such resources are frequently requested, it will trigger the Apache jail.
 
Hi Peter, thanks for replying so quickly. I ran grep -r -i "client denied" * within /var/log with no result. Furthermore, I checked the following log files manually:

/var/log/sw-sp-server/error_log
/var/log/apache2/error.log
/var/log/ngingx/error.log
/var/log/plesk-php75-fm/error.log

None of these log contain any entries at all at or around the time when this happened. The entries that are there are from before and don't seem at all relevant.
 
These are probably the wrong logs. Look into the logs directory in the subscription that descend from /var/www/vhosts/<subscription>/logs.
 
Hi Peter,

Thanks for the hint. Since I was thrown out by the entire web server, I didn't think to look in the vhost logs. And sure enough, there are plenty of those client denied messages. Here just the most recent entries before another ban:

Code: 
logs/wiki.example.com/error_log:[Sun Dec 06 19:31:14.725055 2020] [authz_core:error] [pid 25869:tid 139756147042048] [client 185.72.69.130:34262] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=group:km-erpsoft-viewer:sidebar&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 15:34:46.800374 2020] [authz_core:error] [pid 19799:tid 139756524517120] [client 188.154.92.172:43928] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=start&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 15:36:29.617935 2020] [authz_core:error] [pid 19799:tid 139756524517120] [client 188.154.92.172:44226] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=start&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 18:31:55.617115 2020] [authz_core:error] [pid 19799:tid 139756541302528] [client 84.254.95.98:50662] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=start&do=admin
logs/wiki.example.com/error_log:[Mon Dec 07 18:37:27.336370 2020] [authz_core:error] [pid 19798:tid 139756675520256] [client 84.254.95.98:51174] AH01630: client denied by server configuration: /var/www/vhosts/example.com/wiki.example.com/data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png, referer: https://wiki.example.com/doku.php?id=group:km-erpsoft-viewer:sidebar&do=admin

The IP address starting with 84 is mine and clearly got blocked. If the message in the PNG filename is to be believed, it seems that all is set up correctly, though.

Thoughts?
 
You must log in or register to reply here.

Similar threads

Gianni
Question My IP in jail fail2ban using plesk
Replies
0
Views
429
Gianni
Gianni
R
Issue UFW turned off and Fail2Ban suddenly completely missing from Plesk Panel -- Very Concerning
Replies
4
Views
2K
regenix
R
F
Issue No data displayed in Monitoring extension anymore after modifying the Panel access port
Replies
6
Views
466
frg62
F
S
Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.
Replies
4
Views
936
sulabhpuri
S
llucas
Question Remote access to server database
Replies
0
Views
461
llucas
llucas
Back
Top