
Question fail2ban/ip_ban access in plesk-php?

Azurel

Silver Pleskian
Is it possible to add a client IP to fail2ban via plesk-php? My PHP script detects unique attacks and I would like to instantly add the client IP to a fail2ban jail. The same for banned users that create an account again and again.

On the command line for fail2ban:
# fail2ban-client set <JAIL> banip <IP>
# fail2ban-client set <JAIL> unbanip <IP>
# fail2ban-client status <JAIL>
Is this working fine with the Plesk extension of fail2ban?

I found ip_ban: IP Address Banning (Fail2Ban), but currently this does not support adding a banip.

I have tested this, but I get no results, because my vhost user is not in sudoers.
Code:
$exec = exec('sudo -u root -S fail2ban-client status recidive < /etc/psa/.psa.shadow', $output, $return);
The vhost user should not get general access to sudo. It should only get access to fail2ban.
 
The ip_ban utility cannot be used to add an ip address to iptables.
Actually, there is no Plesk utility that can do that.
You could of course add an ip address to iptables directly, however, this would need root privileges for a PHP script. So your script cannot run from within the subscription account.
 
I have tried another solution. I created a custom jail with a custom filter and want to add IPs to this logfile with plesk-php.

My filter
[Definition]
failregex = <HOST>$
ignoreregex =

My Jail
[vhost_example]
enabled = true
filter = vhost_example
action = iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable", returntype="RETURN", lockingopt="-w", iptables="iptables <lockingopt>"]
logpath = /var/www/vhosts/example.com/fail2ban/banned_ips.log
maxretry = 1

I added an IP to the logfile /var/www/vhosts/example.com/fail2ban/banned_ips.log with an editor, but nothing happens. Is this not the way it should work?

I have tested it on the command line:
# fail2ban-regex /var/www/vhosts/example.com/fail2ban/banned_ips.log /etc/fail2ban/filter.d/vhost_example.local

Running tests
=============

Use failregex filter file : vhost_example, basedir: /etc/fail2ban
Use log file : /var/www/vhosts/example.com/fail2ban/banned_ips.log
Use encoding : UTF-8


Results
=======

Failregex: 2 total
|- #) [# of hits] regular expression
| 1) [2] <HOST>$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [2] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-

Lines: 2 lines, 0 ignored, 2 matched, 0 missed
[processed in 0.00 sec]

Matched found, regex is ok.

UPDATE:
I found the solution. My custom entry in the banned list had a copy-and-pasted time that was too old. After changing it to today, it is working. Yeah! So it is possible to add IPs to fail2ban with PHP.
Again: You need a valid and current time in the log. If the timezone of the log files is wrong, fail2ban considers these to be too-old entries and fails to process them.
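
Added example, not part of the thread or of Plesk: one way a PHP script could write entries for the custom jail above, with a current timestamp and a validated IP as the last field so the `<HOST>$` filter matches. The function names and the allowlist are assumptions; the log path is the one from the poster's jail.

```php
<?php
declare(strict_types=1);

// Log file watched by the jail in the thread (logpath of [vhost_example]).
// It must be writable by the vhost user and readable by fail2ban.
const BAN_LOG = '/var/www/vhosts/example.com/fail2ban/banned_ips.log';

// Constructed allowlist (assumption): addresses that must never be written.
const NEVER_BAN = ['127.0.0.1', '::1'];

/**
 * Build one line "YYYY-MM-DD HH:MM:SS <ip>", or return null if $ip is unusable.
 * The IP is last on the line because the thread's failregex is "<HOST>$".
 */
function ban_log_line(string $ip, ?DateTimeImmutable $now = null): ?string
{
    // Only a syntactically valid IPv4/IPv6 literal is accepted, so a crafted
    // value cannot smuggle newlines or extra fields into the fail2ban log.
    $valid = filter_var($ip, FILTER_VALIDATE_IP);
    if ($valid === false || in_array($valid, NEVER_BAN, true)) {
        return null;
    }
    // Current time, in the format fail2ban-regex reported as a date hit above.
    // Assumes PHP's date.timezone equals the server's system time zone.
    $now = $now ?? new DateTimeImmutable('now');
    return $now->format('Y-m-d H:i:s') . ' ' . $valid . "\n";
}

/** Append a ban request for $ip; returns false if rejected or not written. */
function request_ban(string $ip, string $logFile = BAN_LOG): bool
{
    $line = ban_log_line($ip);
    if ($line === null) {
        return false;
    }
    // LOCK_EX keeps concurrent PHP requests from interleaving partial lines.
    return file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Demonstration on constructed input (203.0.113.7 is a documentation address).
if (PHP_SAPI === 'cli') {
    echo ban_log_line('203.0.113.7');                    // one well-formed line
    var_dump(ban_log_line("203.0.113.7\n198.51.100.9")); // NULL: rejected
    var_dump(ban_log_line('127.0.0.1'));                 // NULL: allowlisted
}
```

From the detection code, call `request_ban($_SERVER['REMOTE_ADDR'])`; use the socket peer address rather than a client-supplied header such as X-Forwarded-For, since a client can set that header to an address it wants banned.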
 