
Question Firewall Lockdown

inQ

New Pleskian
Hello,

I am looking to use firewall rules to help secure my server by closing any unnecessary services, the server is solely for web hosting.

Can you see any issues with denying any of the following items? See image below.

Many thanks,

Screenshot-2019-05-09-at-03-18-04.png
 

@inQ,

Surely the above picture does not represent a tight firewall.

Just lock down SSH and only allow the IPs of server admins and sysadmins - if necessary, you can always temporarily add / unblock specific IPs.

Moreover, only allow local MySQL traffic - in the firewall, allow 127.0.0.1 only (and also go to the Database server settings, to allow local connections only).

In addition, consider the following:

1 - only allow server admins and Plesk admins access to Plesk installer : allow the relevant IPs, deny all other IPs
2 - you can redo step 1 for Plesk administrative interface, if you have all of your customers IP addresses : this will prevent attacks on Plesk (port 8443 etc.) itself
3 - you can redo step 2 for FTP : this will prevent attacks, most of them being brute-forcing attacks
4 - if not using PostgreSQL server (as often is the case), block all access and traffic to it, (and)

I would really recommend steps 1, 3 and 4 - step 2 will be a bit more difficult, if you have customers accessing the Plesk Panel.

I would also recommend using Fail2Ban and setting up some proper Fail2Ban filters, actions and jails - after all, Fail2Ban automatically creates firewall rules to ban IPs.

Hope the above helps.

Kind regards........
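
The rules described in the reply above, as an added example that is not part of the thread: a shell function that prints iptables commands for review and applies nothing. Ports 22, 21, 8447, 3306 and 5432 are assumed defaults (only 8443 is named in the reply); the `LOCKDOWN` chain name, the function names and the sample addresses are made up for illustration, and a host managed with plain iptables is assumed.

```shell
#!/bin/sh
# Added example: print (never apply) iptables commands for the policy in the
# reply above. Default ports are assumptions; adjust if your services differ.
ADMIN_PORTS="22 8447 21"   # SSH, Plesk installer (step 1), FTP control (step 3)
LOCAL_PORTS="3306 5432"    # MySQL and PostgreSQL (step 4): loopback only
PANEL_PORT=8443            # Plesk panel (step 2), restricted only on request

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_src() {
    printf '%s\n' "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])(/(3[0-2]|[12]?[0-9]))?$'
}

# usage: gen_lockdown [--restrict-panel] ADMIN_SRC...
gen_lockdown() {
    ports=$ADMIN_PORTS
    if [ "$1" = "--restrict-panel" ]; then ports="$ports $PANEL_PORT"; shift; fi
    # An empty allowlist would drop SSH for everyone, including the admin.
    [ "$#" -gt 0 ] || { echo "refusing: no admin source given" >&2; return 1; }
    for src in "$@"; do
        valid_src "$src" || { echo "refusing: bad source '$src'" >&2; return 1; }
    done
    echo "iptables -N LOCKDOWN"
    # Keep sessions that are already open, so loading the chain cannot cut
    # the SSH connection it is being loaded from.
    echo "iptables -A LOCKDOWN -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    echo "iptables -A LOCKDOWN -i lo -j RETURN"
    for port in $ports; do
        for src in "$@"; do
            echo "iptables -A LOCKDOWN -p tcp --dport $port -s $src -j RETURN"
        done
        echo "iptables -A LOCKDOWN -p tcp --dport $port -j DROP"
    done
    for port in $LOCAL_PORTS; do
        echo "iptables -A LOCKDOWN -p tcp --dport $port -j DROP"
    done
    # Everything else (80/443, mail, passive FTP data) falls through untouched.
    echo "iptables -I INPUT 1 -j LOCKDOWN"
}
```

Calling `gen_lockdown 203.0.113.10 198.51.100.0/24` (constructed documentation addresses) prints the chain for two admin sources; adding `--restrict-panel` as the first argument also limits port 8443 to those sources.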
 
Hi Trialotto,

Thanks for the advice, I have locked down SSH on the server to only use my key and restricted database access to local only.

I'm currently travelling, so wary of restricting IP addresses unless allowing those of my VPN? Would you suggest doing so?

Also, I have set up WAF with the OWASP ModSecurity ruleset and the default Fail2Ban jails.

For anyone else interested, I implemented the firewall rules discussed in this thread: https://talk.plesk.com/threads/firewall-hardening.344439/

Thanks,
inQ
 