• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Fail2Ban banning without any reason

J

julianchntl

New Pleskian
Server operating system version
Ubuntu 22.04.2 LTS
Plesk version and microupdate number
Obsidian 18.0.49
Hello all,

I have been using Plesk for a bit longer now. However, after moving to a new server I have quite severe problems with Fail2Ban. Website visitors are banned for no reason, including myself when I delete files in Nextcloud for example.

Have any of you ever had such a problem and how did you solve it?

Kind regards,
Julian
 
Please look into /var/log/fail2ban.log which jail is banning. I have a suspicion, but need that information first to narrow the cause down.
 
Peter Debik said:
Please look into /var/log/fail2ban.log which jail is banning. I have a suspicion, but need that information first to narrow the cause down.
Click to expand...
It‘s the plesk-recidive jail. It‘s also reproducable, after reloading a website for 3 times the ip is getting banned.
 
There is no plesk-recidive jail. I guess you meant the recidive jail, which is the jail where an IP address ends up when it was banned too many times in the other jails.

Please recheck the IP address in /var/log/fail2ban.log and see what happened before it was moved to the recidive jail. I guess that it's the plesk-modsecurity jail that causes this issue.
 
I also think it's ModSecurity. I've had this on servers here and ended up deactivating that jail (leaving ModSecurity on, of course).
 
Yes, you are right. I mixed up something, it is the plesk-modsecurity jail. Is there a solution for this or can I disable it without worrying?
 
You can either disable the plesk-modsecurity jail or try to find out which ModSecurity rules are causing this issue. Be aware that this can be a lot of work if you have a busy server:


Search for the ID tags (each ModSecurity rule has an ID number) in /var/log/modsec_audit.log that trigger the plesk-modsecurity jail.
Those IDs look like this: [id "33340006"].
If that ID is causing the issue, disable it, as explained in the support article in the link above.
 
You must log in or register to reply here.

Similar threads

J
Issue Default plesk-wordpress fail2ban doesn't work
Replies
6
Views
839
Peter Debik
P
P
Issue Moved to Plesk but now PHP $_Post won't work
Replies
2
Views
409
Pompeiivnx
P
A
Question Some security questions
Replies
2
Views
703
amba1980
A
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
223
Sebahat.hadzhi
Sebahat.hadzhi
X
Resolved everything stops when I use wordpress
Replies
4
Views
713
Xenesy
X
Back
Top