
Input Enhancement suggestions for Plesk's fail2ban filters

PeterKi

Regular Pleskian
When I look into the log files of my Linux server, I can see some frequent vulnerability access attempts which are not addressed by Plesk's preconfigured fail2ban filters.
I suggest adding filters for postfix-sasl and postfix-ssl as well as for apache-404 scans into Plesk to further harden a server.

My experience shows good results with the filters given below.

filter.d/apache404.local
[Definition]
failregex = <HOST> - .* "(GET|POST|HEAD).*HTTP.*"\s404\s
ignoreregex = .*(robots.txt|favicon.ico|jpg|png)

[INCLUDES]
before = common.conf

filter.d/postfix-sasl.local
[Definition]
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed([\s\w+\/:]*={0,4})?\s*$
ignoreregex = authentication failed: Connection lost to authentication server$

[INCLUDES]
before = common.conf

filter.d/postfix-ssl.local
[Definition]
failregex = ^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]
ignoreregex =

[INCLUDES]
before = common.conf

And these are the corresponding jail configs:
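
Added example, not part of the original post (and not the jail configs it refers to): a small Python harness that runs the three filters above against constructed log lines, roughly the check `fail2ban-regex` performs. `HOST` and `PREFIX` are simplified stand-ins for fail2ban's `<HOST>` and `__prefix_line` expansion, and the function names are hypothetical.

```python
import re

# Simplified stand-ins (assumptions) for fail2ban's own tag expansion; the real
# <HOST> and __prefix_line definitions are broader, and fail2ban removes the
# timestamp before matching, which PREFIX simply consumes here.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"\S+\s+\d+ [\d:]+ \S+ postfix/\S+\[\d+\]: "

FILTERS = {  # filter name: (failregex, ignoreregex), copied from the post
    "apache404": (r'<HOST> - .* "(GET|POST|HEAD).*HTTP.*"\s404\s',
                  r".*(robots.txt|favicon.ico|jpg|png)"),
    "postfix-sasl": (
        r"^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed([\s\w+\/:]*={0,4})?\s*$",
        r"authentication failed: Connection lost to authentication server$"),
    "postfix-ssl": (r"^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]", ""),
}

def compile_f2b(pattern):
    """Expand the two tags with the stand-ins above and compile the result."""
    rx = pattern.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)
    if "(?i)" in rx:
        # Python 3.11+ rejects "(?i)" in mid-pattern; earlier versions applied
        # it to the whole pattern, so hoisting it to the front keeps that meaning.
        rx = "(?i)" + rx.replace("(?i)", "")
    return re.compile(rx)

def failure_host(name, line):
    """Return the address the filter would count a failure for, or None."""
    fail, ignore = (compile_f2b(p) for p in FILTERS[name])
    if ignore.pattern and ignore.search(line):
        return None  # ignoreregex wins over failregex
    m = fail.search(line)
    return m.group("host") if m else None

SAMPLES = [  # constructed log lines using documentation address ranges
    ("apache404", '203.0.113.7 - - [05/Jul/2025:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl/8.0"'),
    ("apache404", '203.0.113.7 - - [05/Jul/2025:10:00:01 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"'),
    ("apache404", '203.0.113.7 - - [05/Jul/2025:10:00:02 +0000] "GET /old/png-tools/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"'),
    ("postfix-sasl", "Jul  5 10:00:03 mail postfix/smtpd[4321]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6"),
    ("postfix-sasl", "Jul  5 10:00:04 mail postfix/smtpd[4321]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: Connection lost to authentication server"),
    ("postfix-ssl", "Jul  5 10:00:05 mail postfix/smtpd[4321]: SSL_accept error from unknown[192.0.2.44]: -1"),
]

if __name__ == "__main__":
    for name, line in SAMPLES:
        print(f"{name:13} {failure_host(name, line)!s:15} {line[:60]}")
```

The third apache404 sample is not counted because the ignoreregex is unanchored and skips any line that merely contains "png" (or "jpg"), not only requests for image files. On Python 3.11 and later the postfix-sasl failregex does not compile as posted, since `(?i)` appears in the middle of the pattern.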
 
Hi,

Could you please create a report for these enhancements?

 