Question How to disable/restrict by IP <server-ip>/login_up.php ?

[fabkim]

Hi,

I just noticed that when I access the IP address of my server with Chrome, I am redirected to the page <ip-address>/login_up.php or <server_name>/login_up
Is there a way to restrict this page by IP as is the case when using port 8443?
The "Restricting Administrative Access" feature only protects when the correct credentials are used. There is therefore a possibility of using this page to find the identifiers by brute force
Or is there a way to disable the non-8443-port access or redirecting to the 8443 port ?

Thanks

 

[Peter Debik]

You cannot brute-force into Plesk when the Fail2Ban jail that protects the login is used. Simply activate that jail and you have peace.

 

[fabkim]

yes, you are right, I forgot about fail2ban.
But leaving this page accessible lets a hacker know that Plesk is used on the server. The goal of security is to give as little information as possible, which is why I would like this page to no longer be publicly accessible at all.
So is there a way to block it ?

 

[Peter Debik]

The login page cannot be disabled. If you believe that would be an important feature, please vote for it here: Completely disable plesk login functionality and use whmcs as a single point of entry

 

[W4ru]

Or is there a way to disable the non-8443-port access or redirecting to the 8443 port ?

Hi!

Try to use the Plesk Firewall and/or to allow only a subnet for Your I-provider
If you are looking at

cat /var/log/plesk/panel.log | grep "Failed login attempt with login"

may you will see, that there is no entry (like here).

I have never had a Fail2ban notification about a failed attempt on the Plesk panel.
IMHO, SSH, installed websites (wordpress etc) and SMTP is much more the risk than Plesk per se.