
Issue fail2ban.ipdns warning

TPlibraryWebmaster

New Pleskian
After updating from Onyx on two separate servers I'm receiving the following message in my fail2ban logs:
Code:
2020-02-25 09:32:00,864 fail2ban.filter         [9022]: INFO    [plesk-modsecurity] Found 107.77.207.56 - 2020-02-25 09:32:00
2020-02-25 11:20:40,767 fail2ban.ipdns [9022]: WARNING Unable to find a corresponding IP address for Access: [Errno -2] Name or service not known
It is associated with any ModSecurity filter entry.

This is the Plesk ModSecurity filter configuration that was carried forward from Onyx:
Code:
[Definition]
failregex = (?:\[.*?\]\s\S*|X-Real-IP:)\s<HOST>\s
ignoreregex = \[.*?\]\s\S*\s<HOST>\s.*\s\1

Did something get misconfigured in the upgrade? Or is the old configuration invalid in Obsidian?
 
It is detected as suspicious with a corresponding warning (not an error) because plesk-modsecurity jail treats some actions on the site as suspicious.
After that, Fail2Ban blocks the 107.77.207.56 IP address, and both Plesk and websites are blocked for this IP address.

In order to fix the issue, please add this IP address to Fail2Ban whitelist: Tools & Settings > Fail2Ban > Trusted IP addresses > Add Trusted IP.
 
I apologize, I did not do a good job of explaining the issue. Fail2ban is working correctly with Modsecurity, exactly as you have described above. Additionally, that IP is correctly being caught and blocked, so it doesn't need to be whitelisted.

I am specifically concerned about the fail2ban.ipdns [9022]: WARNING …. This is the new behavior that is occurring after the upgrade to Obsidian.

I cannot find any reference to this Fail2ban error, in whole or in part, on the internet either.

I'm thinking it's a bug or misconfiguration in Obsidian, because this is happening to two separate servers that I've upgraded from Onyx to Obsidian. This line did not appear in the logs under Onyx. I recognize that it's only a warning error, so it doesn't seem to be affecting core functionality of the Fail2ban service.

Specifically, I'm using Fail2ban and Modsecurity using the Comodo ruleset.
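
An added illustration, not part of the thread and not Plesk's or Fail2ban's own code: the sketch below applies the `failregex` quoted in the first post to constructed ModSecurity audit-log lines, using a simplified stand-in for `<HOST>` (an assumption) that accepts either an IPv4 address or a DNS-style name. It shows how a line with a bracketed client field followed by `ModSecurity: Access denied` puts the word `Access` in the host position, a value that a name lookup cannot resolve.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption, not the exact
# upstream expansion): an IPv4 address, or a DNS-style name as fallback.
HOST = r"(?:(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})|(?P<dns>[\w\-.^_]*\w))"

# failregex exactly as quoted in the filter from the thread.
FAILREGEX = r"(?:\[.*?\]\s\S*|X-Real-IP:)\s<HOST>\s"

# Constructed sample lines in ModSecurity audit-log style. The unique ID,
# ports and server address (203.0.113.10) are made up for this example.
SAMPLE_LINES = [
    "--a1b2c3d4-A--",
    "[25/Feb/2020:09:32:00 +0000] XlUcYH8AAAEAACNOZzkAAAAB "
    "107.77.207.56 51234 203.0.113.10 443",
    'Apache-Error: [file "apache2_util.c"] [line 271] [level 3] '
    "[client 107.77.207.56] ModSecurity: Access denied with code 403 (phase 2).",
]


def classify(line, failregex=FAILREGEX):
    """Return ('ip', value), ('dns', value) or None for one log line."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    if match is None:
        return None
    if match.group("ip4"):
        return ("ip", match.group("ip4"))
    # Not an address: the captured text would have to be resolved by name.
    return ("dns", match.group("dns"))


def needs_dns_lookup(lines):
    """List the captured host values that are names rather than addresses."""
    hits = (classify(line) for line in lines)
    return [value for hit in hits if hit for kind, value in [hit] if kind == "dns"]


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample), "<-", sample[:60])
    print("would be resolved by name:", needs_dns_lookup(SAMPLE_LINES))
```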
 