• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question How to protect DDoS attack with Plesk extensions?

Sergey K.

Sergey K.

Basic Pleskian
CentOS Linux 8.5.2 , Plesk Obsidian Ver. 18.0.41
My server was attacked - DDoS,
I've protected 2 mains sites on server with CloudFlare, but hackers know my IP.
So, all other sites are down.

Could you advise how to close all additional ports to minimize server loading with help of some Plesk extension?
Any idea how to provide more power restrictions for this ?
 
Dave W said:
~~~ I havent used this but looks interesting: Juggernaut Security and Firewall
Click to expand...
We use this & we're now using the v14.16 release (via cron updates than ran on Wednesday) that's suitable for use with Plesk Obsidian installations. It's a 'paid subscription' model, as you'll have seen, but regardless, it works vey well indeed (for us) on both IPv4 and IPv6 addresses. The granular level of configurability is excellent. NB: If / when you choose to install and use it, you'll no longer use either Fail2Ban or the Plesk Firewall, so you may want to take specific backups of those in advance and use them as a data source, if you intend to start with your own 'blacklist' of known IP addresses etc.
 
Install ddos deflate plesk extension (available directly in the extension catalog in your panel) without key. It will do at less the minimal protection:

www.plesk.com

(D)DoS Deflate Interface

The Admin-Ahead (D)DoS Deflate Interface provides an easy way to install and a GUI to configure the (D)DoS Deflate utility in Plesk
www.plesk.com www.plesk.com
 
I've got fail2ban but how to disable all ports excepts of ftp, web, ssh ?
and how to block list of IPs for DDoS ?
 
Are you using nginx proxy? You can set rate limiting.
www.nginx.com

NGINX Rate Limiting

Protect your applications from excessive traffic, including DDoS attacks, by controlling the requests they receive with NGINX rate limiting.
www.nginx.com www.nginx.com
 
Use the Plesk Firewall to block ports you don't need:

docs.plesk.com

(Plesk for Linux) The Plesk Firewall

The Plesk firewall is a tool you can use to improve the security of your Plesk for Linux server by restricting network connections to and/or from the server.
docs.plesk.com docs.plesk.com

Plesk itself uses these ports:

docs.plesk.com

Ports Used by Plesk

On servers protected by a firewall, the following ports must not be blocked to ensure proper operation of Plesk and a...
docs.plesk.com docs.plesk.com
 
maartenv said:
Use the Plesk Firewall to block ports you don't need:

docs.plesk.com

(Plesk for Linux) The Plesk Firewall

The Plesk firewall is a tool you can use to improve the security of your Plesk for Linux server by restricting network connections to and/or from the server.
docs.plesk.com docs.plesk.com

Plesk itself uses these ports:

docs.plesk.com

Ports Used by Plesk

On servers protected by a firewall, the following ports must not be blocked to ensure proper operation of Plesk and a...
docs.plesk.com docs.plesk.com
Click to expand...
Thanks for the reply
It's not clear for me - could you explain - should I remove all ports except of minimum ?

source - (Plesk for Linux) The Plesk Firewall

1646393693302.png

Real situation - list of available ports

1646393666061.png
 

Attachments

  • 1646393715883.png
    1646393715883.png
    85.5 KB · Views: 8
Correct, disable everything you don't need or use.

I can't give exact advice as it depends on what you need but I guess you can safely disable these services/ports:
- samba
- PostgreSQL
- DHCP client
- customer payment gateways (unless you need this)

Before you do this and apply the new firewall rules, make sure you are logged in via ssh on the command line. This way you have a backup route to disable the firewall on the command line in case you lock yourself out.
 
maartenv said:
Correct, disable everything you don't need or use.
~~
Before you do this and apply the new firewall rules, make sure you are logged in via ssh on the command line. This way you have a backup route to disable the firewall on the command line in case you lock yourself out.
Click to expand...
All of the proceeding and the above ^^ are good advice, which you should probably follow closely @Sergey K. but your opening post was about DDOS attacks against your IP addresses. so Plesk Firewall & blocking ports will only have a limited effect on this, your main issue really and unless you spend some time carefully configuring all of your jails to suit, it might be the same result with Fail2Ban too i.e. limited success. Your attackers will have constantly changing IP addresses, so back to your opening post again, it's a lot more about the frequency / number of visits / connections to your constant IP addresses than anything else. Fail2Ban can deal with this and it is free (with Plesk), but you'll still need to set it up correctly to make this work. Chargeable options include Post #5, which is cheaper (& less effective) than posts #3 and #4 but... one obvious simple config change would be your IP addresses... Why can't you change them? Or, was it your hosted domains (and not IP Addresses) which the attackers had actually targeted, thus negating the use of the option of changing your own IP addresses?
 
@learning_curve: You're right with the above advice but I was just responding to his question: "how to disable all ports excepts of ftp, web, ssh ?"

Regarding fail2ban: a server won't survive a real DDOS attack, fail2ban just can't handle this. A real DDOS attack should be mitigated by the hostingprovider who has the right hardware to do so. Fail2ban and other tools will however work great to block those annoying bots that keep on knocking on the ports every 1 second.
 
maartenv said:
Regarding fail2ban: a server won't survive a real DDOS attack, fail2ban just can't handle this.
Click to expand...
Yep fully agree, although it can deal with consistent "visitors" quite well (Diet DDOS? :D ) if it's correctly setup, which has some appeal (as well as being FOC)
maartenv said:
A real DDOS attack should be mitigated by the hostingprovider who has the right hardware to do so.
Click to expand...
True, although Juggernaut Security and Firewall is very, very efficient (far more so than some hosting providers!) and it does provide the full self-control option
maartenv said:
Fail2ban and other tools will however work great to block those annoying bots that keep on knocking on the ports every 1 second.
Click to expand...
Yep, both Fail2Ban and Juggernaut (and others) can indeed make light work of all of these and any non-bot versions too
 
enable firewall, , disable icmp and disable nginx
just had a massive slow http ddos attack on my plesk server. (from TOR network )!!!!
The setup for nginxs as a reverse proxy sounds good, but plesk does not care about ddos attacks so nothing is protected.
Follow instructions down below.

ourcodeworld.com

How to protect your Apache server from DoS attacks (denial-of-service) using the quality of service (QoS) module on Ubuntu 16.04

Learn how to install QoS in your Ubuntu 16.04 server to protect it from Slow HTTP and DoS attacks.
ourcodeworld.com ourcodeworld.com
 
Azurel said:
@learning_curve is there an alternative solution as replacement for fail2ban? I use fail2ban to ban and unban IPs very easily using PHP.
Click to expand...
No doubt there is, but to be fair, we're committed to using both Juggernaut (see post #4) plus all of the readily available Cloud Server restrictions (from our providers) now, which means we don't use either fail2ban on the Plesk Firewall anymore, so we haven't looked for any ourselves.
 
You must log in or register to reply here.

Similar threads

M
Question DDoS
Replies
0
Views
363
malokoff4532
M
B
Question How to deny all IPs in Plesk Firewall except certain IPs (e.g. Cloudflare IPs)?
Replies
0
Views
1K
BernieG
B
A
Resolved SSH terminal extension does not work
Replies
2
Views
727
abanico
A
P
Question Preventing DoS attacks by IIS dynamic IP restriction
Replies
0
Views
1K
phungkha
P
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
704
Lenny
Lenny
Back
Top