1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

How can I ban IP-adresses in PLESK 7.5.2?

Discussion in 'Plesk for Linux - 8.x and Older' started by editor, May 7, 2005.

  1. editor

    editor Guest

    0
     
    cPanel and vDeck allow the admin to post some special
    ip-numbers, which should be banned. This feature is sometimes
    very helpful to lock some unwanted visitors.

    vDeck says here:
    "Ban access to your website from particular IP addresses.
    Either enter a full address, or part of an address to ban a range.
    This can be useful when specific users or robots are abusive
    towards your web site.
    Enter an IP address/range: [___].[___].[___].[___] [bann ths IP/range]"

    In Plesk 7.5.2, I was not able to find this cool feature. Does this
    feature not exist or did I oversee it anywhere in my Plesk-Admin?
    How can I realize this for the complete Plesk-Server for all
    domainnames onto it?

    Thank you.
     
  2. poke

    poke Guest

    0
     
    Hello,
    I think you can acheive this here:

    Plesk CP.... go to server --> down at the bottom left "administrator info" click "access"

    Now on next page add a new network and allow or deny CP access using IP or Subnet.

    Hope this helps, i didn't test it out....

    -poke
     
  3. editor

    editor Guest

    0
     
    Thank you for your idea. This chapter speaks only about the
    access to the control panel itself (Port 8443), here

    https://www.rootdomainname.tld:8443

    But what I want is to ban IP-numbers to surf to all domainnames
    on port 80, f.e.

    http://www.mydomainname.tld
    http://www.anotherdomain.tld
    http://subdomain.hmm.tld

    See, there are some spiders running in Korea and China.
    Pure machines which are only online to **** email-adresses
    and then to get them in a spamer-database. I know the
    IP-numbers of their IP-network and C-Class. I want to lock
    them, which means to ban their IP-numbers.

    Another example are some special hackers who always try
    to use some special IP-numbers for hacking into the Plesk-
    System. They also have nothing to surf anywhere on my
    Plesk-Server.

    And I know also another example. Some spiders of some
    special search-machines and linkcheckers try to rush so wild
    and crazy over all the domainnames, that they produce big
    traffic. They are only here for just wasting traffic which I must
    pay. So, also such "machines" have to be locked and are not
    allowed to surf on all domainnames.

    Alike you see, there are many reason and I want to ban some
    IP-numbers for HTTP-surfing on all domainnames which are
    run here at the Plesk-System. I could not find this feature on
    Plesk 7.5.2.... or do I stand on the cable?
     
  4. poke

    poke Guest

    0
     
    Interesting....

    Sorry I didn't get to the root of the problem. I guess psa doesn't have this feature.


    regards,
    poke
     
  5. jamesyeeoc

    jamesyeeoc Guest

    0
     
    No, Plesk does not have this built-in to the standard control panel.

    I have not paid or tried the Plesk Firewall feature, so I don't know if they may have it in that module or not.

    You would have to manually make entries to the IPTABLES file and then restart your IPTABLES firewall module.

    It's not that difficult, but can be time consuming if you are going to continually add to the banned IP ranges.

    There are many googled results for IPTABLES examples, but if you've never dealt with firewall configuration, be careful not to accidentally leave your box unprotected....

    If you look at your /etc/sysconfig/iptables file, you can add a line somewhere after the line '*filter'.

    To 'ban' an IP would be as simple as adding something like:

    -A INPUT -s xx.yy.zz.ww/ss -i eth+ -j DROP

    where xx.yy.zz.ww/ss would be the IP or CIDR range such as 213.22.0.0/16 for one of the AsiaPacific IP blocks.

    I have had to block many many many ranges of APNIC and RIPE ranges due to spammers.

    Luckily none of my clients needs to communicate to China, Japan, large parts of Europe, Israel, Iran, Spain, etc.

    Spain, France, China, are really big spam areas. Italy, Poland, Portugal, Latvia are the next big ones which I have seen. There are many US based IP blocks which I have blocked as well. Mainly the ones which specialize in sales & marketing...

    If you want to block browsing on a 'per domain' basis, there is a way to do it in the .htaccess file.
     
  6. editor

    editor Guest

    0
     
    Cite:

    "...The most comprehensive set of features that hosting
    providers can find on the market today...."
    cp. http://www.sw-soft.com/en/products/plesk/

    I think, I know why Plesk do not want to support banning
    IP-Adresses because of the spammers. It seems so, that
    they want to make money with their "SpamAssassin Anti-SPAM
    Support Interface", costs $49.00.
    cp. http://www.sw-soft.com/en/buyonline/plesk75reloaded/
     
  7. Jamai

    Jamai Guest

    0
     
    The firewall module for Plesk is free. Try it, I use it to ban unwanted visitors.
     
  8. jamesyeeoc

    jamesyeeoc Guest

    0
     
    I stand corrected. I didn't see it listed under Server, Service Management, so I figured it was not included in the 'base' Plesk. I did find it under Modules....

    Now I just have to test to see that it does not overwrite my own custom IPTABLES settings....

    Thanks Jamai !
     
  9. Jamai

    Jamai Guest

    0
     
    No problem. I haven't really tested the firewall module, to see what it does and what not, but I have no doubt it works well.
     
  10. jamesyeeoc

    jamesyeeoc Guest

    0
     
    It won't work well for me though, I just received reply from SWSoft, their scripts controlling IPTABLES will totally over-ride anything already existing in the /etc/sysconfig/iptables file. I have spent way too much time customizing my firewall, so I'll be uninstalling their module right away.

    It appears that they store whatever settings you enter into a database as blobs, so it's not human readable. Then they have a couple of short scripts which control the calling of iptables. I'd rather have my own human readable config file, easier to backup/modify/etc.
     
  11. editor

    editor Guest

    0
     
    btw: is this normal, that I cannot post here a screenshoot (.jpg, 70kBytes)
    by "attach file"?
     
Loading...