• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue fail2ban.ipdns warning

T

TPlibraryWebmaster

New Pleskian
After updating from Onyx on two separate servers I'm receiving the following message in my fail2ban logs:
Code: 
2020-02-25 09:32:00,864 fail2ban.filter         [9022]: INFO    [plesk-modsecurity] Found 107.77.207.56 - 2020-02-25 09:32:00
2020-02-25 11:20:40,767 fail2ban.ipdns [9022]: WARNING Unable to find a corresponding IP address for Access: [Errno -2] Name or service not known
It is associated with any ModSecurity filter entry.

This is the Plesk ModSecurity filter configuration that was carried forward from Onyx:
Code: 
[Definition]
failregex = (?:\[.*?\]\s\S*|X-Real-IP:)\s<HOST>\s
ignoreregex = \[.*?\]\s\S*\s<HOST>\s.*\s\1

Did something get misconfigured in the upgrade? Or is the old configuration invalid on in Obsidian?
 
It is detected as suspicious with a corresponding warning (not an error) because plesk-modsecurity jail treats some actions on the site as suspicious.
After that, Fail2Ban block 107.77.207.56 IP address, and both Plesk and websites are blocked for this IP address.

In order to fix the issue, please add this IP address to Fail2Ban whitelist: Tools & Settings > Fail2Ban > Trusted IP addresses > Add Trusted IP.
 
I apologize, I did not do a good job of explaining the issue. Fail2ban is working correctly with Modsecurity, exactly as you have described above. Additionally, that IP is correctly being caught and blocked, so it doesn't need to be whitelisted.

I am specifically concerned about the fail2ban.ipdns [9022]: WARNING …. This is the new behavior that is occurring after the upgrade to Obsidian.

I cannot find any reference to this Fail2ban error, in whole or in part, on the internet either.

I'm thinking its a bug or misconfiguration in Obsidian, because this is happening to two separate servers that I've upgraded from Onyx to Obsidian. This line did not appear in the logs under Onyx. I recognize that it's only a warning error, so it doesn't seem to be affecting core functionality of the Fail2ban service.

Specifically, I'm using Fail2ban and Modsecurity using the Comodo ruleset.
 
You must log in or register to reply here.

Similar threads

F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
1K
mizar
mizar
P
Input plesk fail2ban missing some important filter rules
Replies
2
Views
2K
PeterKi
P
Bitpalast
Forwarded to devs Update to 18.0.63 #4 removed /etc/fail2ban/jail.local, crashed Fail2Ban
Replies
3
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
J
Issue Default plesk-apache-badbot fail2ban doesn't work
2
Replies
21
Views
6K
Kaspar
K
Back
Top