
Issue fail2ban.ipdns warning

TPlibraryWebmaster

New Pleskian
After updating from Onyx on two separate servers I'm receiving the following message in my fail2ban logs:
Code:
2020-02-25 09:32:00,864 fail2ban.filter         [9022]: INFO    [plesk-modsecurity] Found 107.77.207.56 - 2020-02-25 09:32:00
2020-02-25 11:20:40,767 fail2ban.ipdns [9022]: WARNING Unable to find a corresponding IP address for Access: [Errno -2] Name or service not known
It is associated with any ModSecurity filter entry.

This is the Plesk ModSecurity filter configuration that was carried forward from Onyx:
Code:
[Definition]
failregex = (?:\[.*?\]\s\S*|X-Real-IP:)\s<HOST>\s
ignoreregex = \[.*?\]\s\S*\s<HOST>\s.*\s\1

Did something get misconfigured in the upgrade? Or is the old configuration invalid in Obsidian?
 
It is detected as suspicious with a corresponding warning (not an error) because the plesk-modsecurity jail treats some actions on the site as suspicious.
After that, Fail2Ban blocks the 107.77.207.56 IP address, and both Plesk and websites are blocked for this IP address.

In order to fix the issue, please add this IP address to Fail2Ban whitelist: Tools & Settings > Fail2Ban > Trusted IP addresses > Add Trusted IP.
 
I apologize, I did not do a good job of explaining the issue. Fail2ban is working correctly with Modsecurity, exactly as you have described above. Additionally, that IP is correctly being caught and blocked, so it doesn't need to be whitelisted.

I am specifically concerned about the fail2ban.ipdns [9022]: WARNING …. This is the new behavior that is occurring after the upgrade to Obsidian.

I cannot find any reference to this Fail2ban error, in whole or in part, on the internet either.

I'm thinking it's a bug or misconfiguration in Obsidian, because this is happening to two separate servers that I've upgraded from Onyx to Obsidian. This line did not appear in the logs under Onyx. I recognize that it's only a warning error, so it doesn't seem to be affecting core functionality of the Fail2ban service.

Specifically, I'm using Fail2ban and Modsecurity using the Comodo ruleset.
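
Added example, not part of the thread and not Plesk's or fail2ban's own code: it runs the failregex quoted in the first post over two constructed ModSecurity-style log lines to show how a `<HOST>` placeholder that also accepts hostnames can capture the word `Access`, which then has to be resolved through DNS. The two `HOST_*` patterns are simplified stand-ins (assumptions) for what fail2ban substitutes, and the sample lines are constructed.

```python
import ipaddress
import re

# failregex exactly as quoted in the first post; <HOST> is substituted below.
FAILREGEX = r"(?:\[.*?\]\s\S*|X-Real-IP:)\s<HOST>\s"

# Simplified stand-ins (assumptions) for the <HOST> substitution.
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
HOST_LOOSE = rf"(?P<host>{IPV4}|[\w\-.^_]*\w)"  # IPv4 or a DNS-style name
HOST_STRICT = rf"(?P<host>{IPV4})"              # IPv4 only

# Constructed sample lines in the style of a ModSecurity audit log.
SAMPLE_A = ("[25/Feb/2020:09:32:00 +0000] XlTqkH8AAAEAABCdEfgAAAAB "
            "107.77.207.56 51234 203.0.113.10 443")
SAMPLE_B = ('Apache-Error: [file "apache2_util.c"] [line 271] [level 3] '
            "[client 107.77.207.56] ModSecurity: Access denied with code 403 "
            "(phase 2).")


def captured_host(line, host_pattern):
    """Return what the failregex captures as the host, or None if no match."""
    match = re.search(FAILREGEX.replace("<HOST>", host_pattern), line)
    return match.group("host") if match else None


def needs_dns_lookup(token):
    """True when the captured token is not an IP literal and must be resolved."""
    try:
        ipaddress.ip_address(token)
        return False
    except ValueError:
        return True


def audit(lines, host_pattern):
    """List (captured token, needs DNS lookup) for every line that matches."""
    results = []
    for line in lines:
        token = captured_host(line, host_pattern)
        if token is not None:
            results.append((token, needs_dns_lookup(token)))
    return results


if __name__ == "__main__":
    for label, pattern in (("loose", HOST_LOOSE), ("strict", HOST_STRICT)):
        print(label, audit([SAMPLE_A, SAMPLE_B], pattern))
```

In fail2ban itself the corresponding controls are the jail's `usedns` option and, in 0.10 and later, the IP-only `<ADDR>` tag in place of `<HOST>`.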
 