• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

How to setup fail2ban for admin attacks?

Status
Not open for further replies.
L

Lee_Colarelli

New Pleskian
Hi all, I have just looked at the plesk panel log - /usr/local/psa/admin/logs/panel.log - and seen an alarming number of attempts to access plesk using the admin user. i.e.

[2015-02-02 14:53:46] ERR [panel] [Action Log] Failed login attempt with login 'admin' from IP 50.62.148.176

I have fail2ban installed and set up for other things. Can anybody help me set it up for this? Thank you in advance!
 
Hi Lee_Colarelli,

Plesk's extension fail2ban has a pre-configured jail "plesk-panel" which should monitor the log "/var/log/plesk/panel.log" ( "/usr/local/psa/admin/logs/panel.log" should be a symlink to the mentioned log - file. ), which could be used by you. As well, consider using the "recidive" - jail, for recurring script kiddies. ^^

The pre-configured "plesk-panel" jail could look like this:
Code: 
[plesk-panel]

enabled  = false
action   = iptables-multiport[name="plesk-login", port="8880,8443"]
filter   = plesk-panel
logpath  = /var/log/plesk/panel.log
maxretry = 5
 
Status
Not open for further replies.

Similar threads

T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
1K
Bitpalast
Bitpalast
J
Resolved Can't login at Plesk admin panel (Plesk Onyx 17.0.17)
Replies
6
Views
10K
JVG
J
O
Resolved Brute Force Attack
Replies
10
Views
3K
mar-ek
M
P
Issue fail2ban postfix.conf not filtering authentication failures (dictionary attacks)
Replies
0
Views
3K
PeterKi
P
S
Issue Full Plesk backup issues - very slow
Replies
5
Views
3K
Bitpalast
Bitpalast
Back
Top