• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How to protect DDoS attack with Plesk extensions?

Sergey K.

Basic Pleskian
CentOS Linux 8.5.2 , Plesk Obsidian Ver. 18.0.41
My server was attacked - DDoS,
I've protected 2 mains sites on server with CloudFlare, but hackers know my IP.
So, all other sites are down.

Could you advise how to close all additional ports to minimize server loading with help of some Plesk extension?
Any idea how to provide more power restrictions for this ?
 
~~~ I havent used this but looks interesting: Juggernaut Security and Firewall
We use this & we're now using the v14.16 release (via cron updates than ran on Wednesday) that's suitable for use with Plesk Obsidian installations. It's a 'paid subscription' model, as you'll have seen, but regardless, it works vey well indeed (for us) on both IPv4 and IPv6 addresses. The granular level of configurability is excellent. NB: If / when you choose to install and use it, you'll no longer use either Fail2Ban or the Plesk Firewall, so you may want to take specific backups of those in advance and use them as a data source, if you intend to start with your own 'blacklist' of known IP addresses etc.
 
Install ddos deflate plesk extension (available directly in the extension catalog in your panel) without key. It will do at less the minimal protection:

 
I've got fail2ban but how to disable all ports excepts of ftp, web, ssh ?
and how to block list of IPs for DDoS ?
 
Use the Plesk Firewall to block ports you don't need:


Plesk itself uses these ports:

 
Use the Plesk Firewall to block ports you don't need:


Plesk itself uses these ports:

Thanks for the reply
It's not clear for me - could you explain - should I remove all ports except of minimum ?

source - (Plesk for Linux) The Plesk Firewall

1646393693302.png

Real situation - list of available ports

1646393666061.png
 

Attachments

  • 1646393715883.png
    1646393715883.png
    85.5 KB · Views: 10
Correct, disable everything you don't need or use.

I can't give exact advice as it depends on what you need but I guess you can safely disable these services/ports:
- samba
- PostgreSQL
- DHCP client
- customer payment gateways (unless you need this)

Before you do this and apply the new firewall rules, make sure you are logged in via ssh on the command line. This way you have a backup route to disable the firewall on the command line in case you lock yourself out.
 
Correct, disable everything you don't need or use.
~~
Before you do this and apply the new firewall rules, make sure you are logged in via ssh on the command line. This way you have a backup route to disable the firewall on the command line in case you lock yourself out.
All of the proceeding and the above ^^ are good advice, which you should probably follow closely @Sergey K. but your opening post was about DDOS attacks against your IP addresses. so Plesk Firewall & blocking ports will only have a limited effect on this, your main issue really and unless you spend some time carefully configuring all of your jails to suit, it might be the same result with Fail2Ban too i.e. limited success. Your attackers will have constantly changing IP addresses, so back to your opening post again, it's a lot more about the frequency / number of visits / connections to your constant IP addresses than anything else. Fail2Ban can deal with this and it is free (with Plesk), but you'll still need to set it up correctly to make this work. Chargeable options include Post #5, which is cheaper (& less effective) than posts #3 and #4 but... one obvious simple config change would be your IP addresses... Why can't you change them? Or, was it your hosted domains (and not IP Addresses) which the attackers had actually targeted, thus negating the use of the option of changing your own IP addresses?
 
@learning_curve: You're right with the above advice but I was just responding to his question: "how to disable all ports excepts of ftp, web, ssh ?"

Regarding fail2ban: a server won't survive a real DDOS attack, fail2ban just can't handle this. A real DDOS attack should be mitigated by the hostingprovider who has the right hardware to do so. Fail2ban and other tools will however work great to block those annoying bots that keep on knocking on the ports every 1 second.
 
Regarding fail2ban: a server won't survive a real DDOS attack, fail2ban just can't handle this.
Yep fully agree, although it can deal with consistent "visitors" quite well (Diet DDOS? :D ) if it's correctly setup, which has some appeal (as well as being FOC)
A real DDOS attack should be mitigated by the hostingprovider who has the right hardware to do so.
True, although Juggernaut Security and Firewall is very, very efficient (far more so than some hosting providers!) and it does provide the full self-control option
Fail2ban and other tools will however work great to block those annoying bots that keep on knocking on the ports every 1 second.
Yep, both Fail2Ban and Juggernaut (and others) can indeed make light work of all of these and any non-bot versions too
 
enable firewall, , disable icmp and disable nginx
just had a massive slow http ddos attack on my plesk server. (from TOR network )!!!!
The setup for nginxs as a reverse proxy sounds good, but plesk does not care about ddos attacks so nothing is protected.
Follow instructions down below.

 
@learning_curve is there an alternative solution as replacement for fail2ban? I use fail2ban to ban and unban IPs very easily using PHP.
No doubt there is, but to be fair, we're committed to using both Juggernaut (see post #4) plus all of the readily available Cloud Server restrictions (from our providers) now, which means we don't use either fail2ban on the Plesk Firewall anymore, so we haven't looked for any ourselves.
 
Back
Top