
Issue: Help with best practices for Plesk firewall security

stas styler

Basic Pleskian
Dear pleskers,
I've encountered several attacks on my server that made my server very slow and got all my clients down.
I've managed to respond quickly and solve it, but I guess there are people over here that secured their servers even better.

I use atomic advanced mod security + ddos deflate + plesk firewall + restrictive fail2ban.
Do you guys know best practices for the Plesk firewall? Any good rule set? Is there any way to add custom iptables rules with the Plesk firewall on?
 
It is recommended to deactivate all ports that are not needed for conducting business. For example, if you are not using the single sign on service, deactivate the entry in the firewall. You can also add custom rules and chains to iptables by using the standard iptables commands on the Linux console.

It is best practice to block malicious traffic before it reaches your host, e.g. by using a hardware firewall in a router in front of your server.

Some people use Cloudflare to distribute their website globally, so that if your server is under attack, cloudflare can still deliver the site from their mirrors. However, this only works for static content.

Thanks for your reply.

1. I thought of the same method of using iptables to block any kind of threat, but I read somewhere here that the Plesk firewall script overrides the rules every time I apply rules through the Plesk firewall. Is that true? If so, is there any way to make them work together?

2. I'm hosting about 300 websites as a hosting company; Cloudflare is working on the website field and not the server field. Every customer is either using my DNS server or Cloudflare's; it is really up to them. Unfortunately Cloudflare doesn't offer DNS services for servers...
 
1) Plesk does not overwrite your individual rules.

2) Cloudflare is a content distribution service. Thus an attack that is coming from a certain part of the world will be limited to the proxy cloudflare host and not reach your server unless dynamic content is being attacked (the other mirrors will still deliver your site even if one network segment has issues).
 
If you have a lot of clients using WordPress and you are in a position to enforce a WordFence install, you could consider the script I wrote that adds rules to the firewall.

It's a learning system that adds IPs to a monthly set. There are 2 sets... An uneven month set and an even month set that are both enforced....
IPs are added as they are found by WordFence to the current month (even or uneven).
On the first day of the month the set of the month that still contained IPs assembled during the previous run will go to a spare set and the current month will be emptied.
That spare set will not be enforced, but used as a reminder.
The assembling of IPs will start again. IPs of the spare set will have a chance again of accessing sites, but if one of those IPs misbehaves (they are coming back after being blocked for at least a month) they will be added to a set that will get them permanently blocked.

None of what I wrote was copied although I can easily imagine it has been thought of before. I think it's much more elegant than fail2ban.

It's published in this forum. Another way of protecting your server is using another script of mine that blocks specific countries or the reverse. Blocking the whole world and then letting through some specific countries.

For SSH there's a very effective ruleset that uses the "recent module" of iptables and it will protect you from any bruteforce attack...

Search with iptables and my name in this forum and read.....


My firewall is just a manually maintained text file that's loaded with iptables-restore.

On every new Plesk install I examine what "they" want to open up and adapt if necessary.
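The month-rotated ban sets described in the post above, written out as an added example (constructed shell, not the forum member's published script). It assumes ipset is installed and the sets wf_odd, wf_even, wf_spare and wf_perm have been created with `ipset create <name> hash:ip`; with DRY_RUN=1 the ipset calls are replaced by plain files under $STATE so the rotation logic can be tried without root.

```shell
#!/bin/sh
# Month-rotated ban sets (constructed example, not the forum author's published script).
# Sets: wf_odd / wf_even (both enforced), wf_spare (reminder only), wf_perm (enforced, permanent).
# Assumes the sets exist: ipset create wf_odd hash:ip  (same for wf_even, wf_spare, wf_perm).
# DRY_RUN=1 keeps set contents in plain files under $STATE instead of calling ipset,
# so the rotation logic can be exercised without root.
STATE=${STATE:-/tmp/wf-sets}

# ipset_do <add|test|flush|swap> <set> [ip-or-set]: thin wrapper, file-backed when DRY_RUN=1.
ipset_do() {
    [ -n "$DRY_RUN" ] || { ipset "$@"; return; }
    mkdir -p "$STATE"
    case "$1" in
        add)   grep -qxF "$3" "$STATE/$2" 2>/dev/null || echo "$3" >>"$STATE/$2" ;;
        test)  grep -qxF "$3" "$STATE/$2" 2>/dev/null ;;
        flush) : >"$STATE/$2" ;;
        swap)  mv "$STATE/$2" "$STATE/$2.tmp" 2>/dev/null || : >"$STATE/$2.tmp"
               mv "$STATE/$3" "$STATE/$2" 2>/dev/null || : >"$STATE/$2"
               mv "$STATE/$2.tmp" "$STATE/$3" ;;
    esac
}

# month_set <1..12>: the enforced set that collects this month's offenders.
month_set() {
    if [ $(( $1 % 2 )) -eq 0 ]; then echo wf_even; else echo wf_odd; fi
}

# rotate <month>: run on the 1st. The current-parity set still holds the IPs gathered
# two months ago; park them in wf_spare (not enforced, a reminder) and start it empty.
# The previous month's set stays enforced, so every ban lasts at least one month.
rotate() {
    s=$(month_set "$1")
    ipset_do swap "$s" wf_spare
    ipset_do flush "$s"
}

# ban <ip> <month>: called for every IP WordFence reports. An IP still listed in
# wf_spare is coming back after its block expired, so it goes to the permanent set.
ban() {
    if ipset_do test wf_spare "$1"; then
        ipset_do add wf_perm "$1"
    else
        ipset_do add "$(month_set "$2")" "$1"
    fi
}

# Enforcement rules, installed once (wf_spare is deliberately not matched):
#   iptables -I INPUT -m set --match-set wf_perm src -j DROP
#   iptables -I INPUT -m set --match-set wf_odd  src -j DROP
#   iptables -I INPUT -m set --match-set wf_even src -j DROP
```

Hook `ban` into whatever reads the WordFence block list and schedule `rotate $(date +%m)` from cron on the first of each month.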