• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue I need help getting setting up a filter for AH01264 in fail2ban

B

bartender1382

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.57
Hello,

My linux level is way below beginner. Just setup my own server for development purposes.

So am using fail2ban for fail ssh attempts, and I noticed that I am gettin g a lot of hits from bots in the error.log attempting to access standard login phps or pls. So I would like to add a filter for AH01264 errors.

However my attempt at doing so just failed. I asked ChatGPT how to do it, and it had me do the following:

Add the following definition:
[Definition]
failregex = AH01264: client denied by server configuration
Click to expand...
And then within jail.local
[apache-ah01264]
enabled = true
filter = apache-ah01264
logpath = /path/to/your/apache/error.log
maxretry = 3 # Adjust the value based on your needs
bantime = 3600 # Adjust the value based on your needs
Click to expand...
I made sure to include the proper path to my error log, and restarted fail2ban.

Sadly it didn't catch anything, and the closest I could see in the fail2ban.log was:
2024-02-01 21:29:48,600 fail2ban [2932]: ERROR NOK: ("No failure-id group in 'AH01264: client denied by server configuration'",)
Click to expand...

So obviously am missing something that my level of knowledge isn't catching.

Am hoping someone has some experience in this matter and could help me out.

Thank you
 
The ChatGPT "solution" is completely wrong. You will need to remove these changes for Fail2ban to work correctly again. Instead, start out with the existing Plesk Apache and Apache Badbots jails.
 
You must log in or register to reply here.

Similar threads

wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
1K
mizar
mizar
P
Input plesk fail2ban missing some important filter rules
Replies
2
Views
1K
PeterKi
P
T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
3K
Bitpalast
Bitpalast
A
Question Need Help Setting Up Multistore with PrestaShop 8.1 on Plesk
Replies
1
Views
917
alpinecare
A
P
Input Enhancement suggestions for Plesk's fail2ban filters
Replies
1
Views
1K
Maarten
M
Back
Top