
Resolved fail2ban.filter [17529]: INFO [plesk-wordpress]

Rastronet

New Pleskian
Server operating system version
centos 7
Plesk version and microupdate number
18.0.50
Good afternoon everyone.
I wanted to ask you about the following.
Reviewing the Firewall log, I have seen that I had many SSH attacks, which I have cut from Raid.
But this type of message still continues to appear, and I don't know what they are or how to block them.
Can you tell me what I should do?
Thank you.

fail2ban.filter [17529]: INFO [plesk-wordpress] Found xxx.xxx.xxx.xxx

From several IP addresses
 

Attachment: Screenshot_365.png
That's just info. I would recommend that you make sure you configure Fail2Ban for auto banning. I would also recommend that you make sure you configure the firewall. If all of those are configured, then the info you see there is just that, info. Fail2Ban will automatically ban IP addresses based off of your jails and settings. Refer to the following articles for help configuring them:
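To check the point made in the reply above (a `Found` line is informational, and a ban should follow once a jail's threshold is reached), the log can be summarized per jail and IP. This is an added example, not part of the original posts and not Plesk or Fail2Ban code; the sample lines are constructed, and `threshold` is an assumed stand-in for the jail's `maxretry` setting.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout fail2ban writes to its log (documentation IPs).
SAMPLE_LOG = """\
2023-03-01 10:15:01,120 fail2ban.filter  [17529]: INFO    [plesk-wordpress] Found 203.0.113.5 - 2023-03-01 10:15:01
2023-03-01 10:15:03,310 fail2ban.filter  [17529]: INFO    [plesk-wordpress] Found 203.0.113.5 - 2023-03-01 10:15:03
2023-03-01 10:15:04,002 fail2ban.filter  [17529]: INFO    [plesk-wordpress] Found 203.0.113.5 - 2023-03-01 10:15:04
2023-03-01 10:15:04,450 fail2ban.actions [17529]: NOTICE  [plesk-wordpress] Ban 203.0.113.5
2023-03-01 10:20:11,700 fail2ban.filter  [17529]: INFO    [plesk-wordpress] Found 198.51.100.7 - 2023-03-01 10:20:11
2023-03-01 10:20:12,910 fail2ban.filter  [17529]: INFO    [plesk-wordpress] Found 198.51.100.7 - 2023-03-01 10:20:12
2023-03-01 10:20:14,030 fail2ban.filter  [17529]: INFO    [plesk-wordpress] Found 198.51.100.7 - 2023-03-01 10:20:14
2023-03-01 10:31:40,500 fail2ban.filter  [17529]: INFO    [plesk-wordpress] Found 192.0.2.9 - 2023-03-01 10:31:40
2023-03-01 10:32:02,118 fail2ban.filter  [17529]: INFO    [ssh] Found 198.51.100.7 - 2023-03-01 10:32:02
"""

# Matches filter "Found" lines and actions "Ban" / "Restore Ban" lines.
LINE_RE = re.compile(
    r"fail2ban\.(?:filter|actions)\s*\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|(?:Restore )?Ban)\s+(?P<ip>[0-9A-Fa-f:.]+)"
)

def summarize(log_text):
    """Return (found, banned): hit counts and ever-banned IPs, keyed by jail."""
    found, banned = defaultdict(Counter), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        if m["event"] == "Found":
            found[m["jail"]][m["ip"]] += 1
        else:
            banned[m["jail"]].add(m["ip"])
    return found, banned

def unbanned_repeaters(log_text, threshold=3):
    """List (jail, ip, hits) with hits >= threshold and no Ban line for that jail.

    Simplification: hits are counted over the whole log, not within the jail's
    findtime window, so a result is a prompt to review the jail, not proof.
    """
    found, banned = summarize(log_text)
    return sorted(
        (jail, ip, hits)
        for jail, counts in found.items()
        for ip, hits in counts.items()
        if hits >= threshold and ip not in banned[jail]
    )

if __name__ == "__main__":
    for jail, ip, hits in unbanned_repeaters(SAMPLE_LOG):
        print(f"[{jail}] {ip}: {hits} hits, no ban logged")
```

An IP listed by `unbanned_repeaters` suggests the jail is disabled or its thresholds are looser than assumed; an empty list means every repeat offender in the log was banned.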
 
Good morning, and thank you very much for answering.
Yes, in principle fail2ban is configured.

As can be seen in the attached image, I also have the firewall activated and the SSH service disabled.

But they are entering somewhere, since I cleaned malware from several websites 2 days ago and today they just told me that at least one of them is infected.
As for the WordPress sites, I updated them: plugins, themes and the WP version,
in case there was any vulnerability, but it is clear that they must be attacking or entering some other way, because they just infected a website again.

How can I stop that problem, or how can I know where they are entering so I can block it?
Thank you.


On the website now, every time you click on a link, it goes to another website, as in the attached images.
 

Attachments: Screenshot_366.png, Screenshot_367.png, Screenshot_368.png
Fail2ban cannot protect your website against hackers uploading malicious code. Neither can ModSecurity or your firewall settings.

Malware enters WordPress websites through either flawed themes or plugins, some of which are even designed to open a backdoor. Your best bet is to ask Google with searches like "<name of theme> malware", because often other users have already reported that a piece of software is not safe to use. I also strongly recommend applying all suggested security settings from Plesk's WP Toolkit page. This will give you a lot of basic security. For WordPress websites, the "Wordfence" plugin can also be a good choice to enhance security.
 