• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

How to setup fail2ban for admin attacks?

Status
Not open for further replies.
L

Lee_Colarelli

New Pleskian
Hi all, I have just looked at the plesk panel log - /usr/local/psa/admin/logs/panel.log - and seen an alarming number of attempts to access plesk using the admin user. i.e.

[2015-02-02 14:53:46] ERR [panel] [Action Log] Failed login attempt with login 'admin' from IP 50.62.148.176

I have fail2ban installed and set up for other things. Can anybody help me set it up for this? Thank you in advance!
 
Hi Lee_Colarelli,

Plesk's extension fail2ban has a pre-configured jail "plesk-panel" which should monitor the log "/var/log/plesk/panel.log" ( "/usr/local/psa/admin/logs/panel.log" should be a symlink to the mentioned log - file. ), which could be used by you. As well, consider using the "recidive" - jail, for recurring script kiddies. ^^

The pre-configured "plesk-panel" jail could look like this:
Code: 
[plesk-panel]

enabled  = false
action   = iptables-multiport[name="plesk-login", port="8880,8443"]
filter   = plesk-panel
logpath  = /var/log/plesk/panel.log
maxretry = 5
 
Status
Not open for further replies.

Similar threads

Jürgen_T
Question Massive Brute-Force Attacks on Plesk Panel – Looking for Additional Protection Measures
Replies
15
Views
4K
Franky H
F
T
Issue Stop Plesk Brute Force Attacks NOW: Cloudflare + Windows Server Fix
Replies
0
Views
917
TheHostingHeroes
T
TimReeves
Fail2Ban Jail needed for /var/log/sw-cp-server/error_log
Replies
5
Views
8K
roon
R
I
Issue Session Problem
Replies
1
Views
3K
ikosedev
I
K
Resolved Plesk Panel Log and Cloudflare - log doesn't show Real IP
Replies
7
Views
4K
Katog Choling
K
Back
Top