• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue IP Access restriction - locked out of PLESK

weareimpulse

weareimpulse

Basic Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.65 Update #2 Web Host Edition
can anyone help please...

the IP Access restriction feature was added to one of our servers, however, the person who added it did this whilst using a dynamic IP - rather than our static, and now we're locked out.

We have SSH access, so is there a way to add an IP via this to gain PLESK access, or maybe disable the feature so we can get in and set it up properly?

Many thanks...
 
weareimpulse said:
Legend. many thanks :)
Click to expand...
@weareimpulse

It is not a good thing to (only) use the "Restrict Administrative Access" functionality.

The best way is to setup Plesk Firewall extension with :

1 - SSH : allow access to IPs chosen, deny all others

2 - Plesk Panel : allow access to IPs chosen, deny all others

and please do

3 - remove the IPs from "Restrict Administrative Access" functionality - otherwise, this will become a potential problem in the near future,

4 - NOT use dynamic IP addresses with netmasks - it is possible, but if often fails (for many reasons) and it also increase the attack surface!

5 - CREATE a cloud based (cheap) VM with a STATIC IP - this can be stopped/started at all times, hence granting you a fail-over access point

6 - STOP the cloud based VM when you are not using it - only start it when you are locked from Plesk and cannot access Plesk anymore


The simple rule here is : only grant 1 or 2 IPs access to SSH and Plesk Administrative interface, with a VM with a (static) IP as a fail-over access point.

In general, it is a good idea to limit the fail-over access point to SSH, since it is more important to have access to the server itself (via SSH) than having access to Plesk Administrative interface (which interface cannot help you in all scenario's - it only covers most of the lock out scenarios!)


I hope the above helps!


Kind regards....


PS If you run 2 or more dedicated servers, then there is no need for cloud based VMs. However, it still is a good idea, for instance when you run all servers in one and the same datacenter!
 
You must log in or register to reply here.

Similar threads

WhiteTiger
Question Access from a static IP is not allowed
Replies
0
Views
317
WhiteTiger
WhiteTiger
C
Question Scripting access to restricted directories through user email registration
Replies
1
Views
615
Martin Dias
Martin Dias
T
Question Restrict the access to Home Directory via SFTP
Replies
6
Views
998
Thomas Oryon
T
F
Question Whitelisting IPs in Firewall > How to include our dynamic IP?
Replies
1
Views
1K
scsa20
scsa20
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
498
Raul A.
R
Back
Top