• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved fail2ban.filter [17529]: INFO [plesk-wordpress]

R

Rastronet

New Pleskian
Server operating system version
centos 7
Plesk version and microupdate number
18.0.50
Good afternoon everyone.
I wanted to ask you about the following.
Reviewing the Firewall log, I have seen that I had many SSH attacks, which I have cut from Raid.
But still they continue to appear this type of messages and I don't know what they are, and I don't know how to block them.
You can tell me what I should do.
Thank you.

fail2ban.filter [17529]: INFO [plesk-wordpress] Found xxx.xxx.xxx.xxx

From several IP addresses
 

Attachments

  • Screenshot_365.png
    Screenshot_365.png
    21.4 KB · Views: 6
That's just info. I would recommend that you make sure you configure Fail2Ban for auto banning. I would also recommend that you make sure you configure the firewall. If all of those are configured, then the info you see there is just that, info. Fail2Ban will automatically ban IP addresses based off of your jails and settings. Refer to the following articles for assisting you configuring them:
docs.plesk.com

Protection Against Brute Force Attacks (Fail2Ban)

IP address banning (Fail2Ban) is an automated way to protect your server from brute force attacks. Fail2Ban uses regu...
docs.plesk.com docs.plesk.com
docs.plesk.com

(Plesk for Linux) The Plesk Firewall

The Plesk firewall is a tool you can use to improve the security of your Plesk for Linux server by restricting network connections to and/or from the server.
docs.plesk.com docs.plesk.com
 
Good morning, and thank you very much for answering.
If in principle the fail2ban is configured.

As can be seen in the attached image, I also have the activated firewall, and the SSH service disabled

But they are entering somewhere, since I clean from Malwares 2 days ago several website and today they just told me that at least one of them is infected.
The WordPress, update them, both plugin, Themes and WP version.
In case there were any vulnerability, but it is clear that they must attack or enter on the other hand, because they just infected a website again.

How can I stop that problem, or how can I know where they are entering to block it.
thank you


On the web now every time you click on a link, it goes to another website with the attached images.
 

Attachments

  • Screenshot_366.png
    Screenshot_366.png
    42.3 KB · Views: 5
  • Screenshot_367.png
    Screenshot_367.png
    59.7 KB · Views: 5
  • Screenshot_368.png
    Screenshot_368.png
    4.6 KB · Views: 5
Fail2ban cannot protect your website against hackers to upload malicious code. Neither can ModSecurity or your firewall settings.

Malware enters Wordpress websites through either flawed themes or plugins. Some of which are even designed to open a backdoor. Your best bet is to ask Google with searches like "<name of theme> malware", because often other users have already reported that piece of software is not safe to use. I also strongly recommend to apply all suggested security settings from Plesk's WP Toolkit page. This will give you a lot of basic security. For Wordpress websites, the "Wordfence" plugin can also be a good choice to enhance security.
 
You must log in or register to reply here.

Similar threads

andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
135
andreios
andreios
J
Issue Default plesk-wordpress fail2ban doesn't work
Replies
6
Views
235
Peter Debik
P
E
Issue Abnormal CPU usage and Apache crash
Replies
13
Views
957
MartinT
M
claxman
Issue Anacron job 'cron.daily' on server.domain (Fail2Ban Automatic Closing Problem)
Replies
17
Views
2K
Hiljo_Lodewijk
H
O
Resolved Log Browser | Plesk | Extension/wp-toolkit
Replies
7
Views
923
othmaqsa
O
Back
Top