Question Fail 2 Ban with Plesk

[Sally1]

Hello,

i would like to use Fail 2 Ban on Plesk Onyx Version 17.8.11 Update #64 CentOS Linux 7.6.1810 (Core)‬ and would like to know, before activating if

- The Hosted Wordpress Domains are using Cloudflare, do I have to exclude Cloudflare IPs under Trusted Ips?

- All Jails can be turned on with the Standard Config, or do I have to configure them before?


Thx
Sally

 

[Bitpalast]

- The Hosted Wordpress Domains are using Cloudflare, do I have to exclude Cloudflare IPs under Trusted Ips?

No.

- All Jails can be turned on with the Standard Config, or do I have to configure them before?

Standard configuration is fine.

The only thing you must make sure is that your server's own IP address and the 127.0.0.1 address are whitelisted (trusted).

 

[learning_curve]

Worth noting that on the Plesk Version you're using @Sally1 there's still no suport at all, from Plesk for IPV6 on Fail2Ban.
See this thread and the links from it: Input - Backport Fail2Ban IPv6 Support to Plesk Onyx 17.x

 

[Sally1]

Thanks a Lot for the Information. Will start to Test it out

 

[Sally1]

Just a quick follow up. I have activated yet all jails, and get since yesterday a lot Ips banned mostly to:

recidive
plesk-postfix

What would be the recommended Action: iptables-allports or iptables-multiport? Is there a way that the blocked IPs are added automatically to an iptables rule for persistent blocking? Are there some other rulesets / templates for securing WordPress websites with F2B?

Thx
Sally

 

[Bitpalast]

Actually, the default setup does not require additional action. The recidive jail is already your "long term" jail. For the recidive jail the fail2ban log is checked for repeated bans that result from other rules.

You can control the length of the ban in the recidive jail by configuring the jail. Click on the "recidive" jail name link on the jails tab, then "Change Settings".



Then enter the number of seconds a recidive ban shall stay in effect in the "IP address ban period" field and store the configuration. For example, if you want repeating offenders to stay in this jail for a month, enter 2678400.

 

[Sally1]

Thanks Peter, I setup the recidive jail for a month now. Just wondering if I should add under the different jails the actions to ip-tables allports, so when a specific jail is triggered the IP is blocked on all ports?

Thx
Sally

 

[GravuTrad]

Hello,

Does it exist a model of plesk fail2ban jail for smtp bruteforce attacks please?

edit: seems smtp filters already exists, so i try to configure the jail correctly

edit2: seems plesk filter only for imap and not smtp

edit3: ok postfix-sasl filter, but there's only one postfix jail preconfigured, and based on "mode=auth"

How to add jails (actions) for all others postfix modes availables?

Thanks

 

[GravuTrad]

plesk postfix mode agressive jail added. i will try if sufficient.

 

[Panthermic03]

Hello,

Does it exist a model of plesk fail2ban jail for smtp bruteforce attacks please?

edit: seems smtp filters already exists, so i try to configure the jail correctly

edit2: seems plesk filter only for imap and not smtp

edit3: ok postfix-sasl filter, but there's only one postfix jail preconfigured, and based on "mode=auth"

How to add jails (actions) for all others postfix modes availables? PrepaidCardStatus

Thanks

Thank you so much for helping with this wonderful article.