Question IP address banning (Fail2ban)

Trung Ma

New Pleskian
Dear Plesk Support,

I have 2 cases, and I need your recommendation.
1. I'm using Fail2ban to protect against brute-force attacks. It's working well. But I always receive the notification email informing me that some IP address always tries to attack again after Fail2ban unbans the IP address.
I want it to be banned depending on the number of times (meaning, by default it will block for 7 days the first time, 14 days the second time, 30 days the third time, ...).

2. I have more than 10 Plesk servers, and some IPs will brute-force all my Plesk servers. Do you have any ideas for checking this: if they attack 3-5 servers, we automatically add that IP to the banned IP addresses on the remaining servers?

Thanks & Regards,
Trung Ma
 

Hi Trung Ma,

> Dear Plesk Support,

Sorry, but the Plesk Community Forum is not the official Plesk support. If you desire to reach the official Plesk support, please visit:


... and choose one of the options: Submit a ticket / Take a professional service / Start chat


If you still desire answers from the Plesk Community Forum, here are some suggestions to your questions:

> I want it to be banned depending on the number of times (meaning, by default it will block for 7 days the first time, 14 days the second time, 30 days the third time, ...).

This goal can be reached with the use of a "recidive" jail, for example.

Further information can be found at:

=> Question - Fail2Ban recidive: how it work ?
=> #8


> Do you have any ideas for checking this: if they attack 3-5 servers, we automatically add that IP to the banned IP addresses on the remaining servers?

My first thought here is to extract the banned IPs from server 1 (only the ones banned by a recidive jail, for example) from "/var/log/fail2ban.log" and send these extracted IPs with an hourly crontab to your servers 2-10 (this could be done with rsync over an SSH connection, for example). You could then add these IPs with an additional "iptables" command.

But (!!!) this sort of usage is something that you should think over, as your banned IPs may grow to quite an enormous list, which is actually regulated when you use the mentioned "recidive jail" instead. Only the IPs that really repeated their offensive behaviour on a specific server are banned for the defined bantime in this "recidive jail", and you don't have to ban additional IPs which didn't even reach your server. ;)
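An added example, not part of the original posts: one way to do the extraction step suggested above, combined with the "3-5 servers" threshold from the question. It assumes the usual `fail2ban.actions` ban line format in `/var/log/fail2ban.log`; the function names, the `allowlist` parameter and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Ban line as written to /var/log/fail2ban.log by fail2ban.actions
BAN_RE = re.compile(
    r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$")

def banned_ips(log_text, jail="recidive"):
    """Valid IPs that `jail` banned according to one server's fail2ban.log."""
    found = set()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m or m.group("jail") != jail:
            continue  # other jails and Unban lines are ignored
        try:
            found.add(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # never hand unparsed log text to a firewall command
    return found

def shared_offenders(logs_by_server, min_servers=3, allowlist=()):
    """IPs the recidive jail banned on at least `min_servers` different servers."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    seen_on = defaultdict(set)
    for server, text in logs_by_server.items():
        for ip in banned_ips(text):
            seen_on[ip].add(server)
    return sorted(
        str(ip) for ip, servers in seen_on.items()
        if len(servers) >= min_servers and not any(ip in net for net in allowed))

# Constructed sample log lines (documentation address ranges), one string per server.
P = "2024-05-01 10:00:00,123 fail2ban.actions        [812]: NOTICE  "
SAMPLE_LOGS = {
    "srv1": f"{P}[recidive] Ban 203.0.113.7\n{P}[sshd] Ban 198.51.100.9\n"
            f"{P}[recidive] Ban 192.0.2.10\n",
    "srv2": f"{P}[recidive] Ban 203.0.113.7\n{P}[recidive] Unban 203.0.113.7\n"
            f"{P}[recidive] Ban 192.0.2.10\n",
    "srv3": f"{P}[recidive] Ban 203.0.113.7\n{P}[recidive] Ban 999.1.1.1\n"
            f"{P}[recidive] Ban 192.0.2.10\n{P}[recidive] Ban 198.51.100.9\n",
}

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the admin's own network, which must never be banned.
    for ip in shared_offenders(SAMPLE_LOGS, min_servers=3, allowlist=["192.0.2.0/24"]):
        print(ip)
```

The resulting addresses can be passed to the additional "iptables" command mentioned above, or to `fail2ban-client set recidive banip <ip>` so that Fail2ban itself expires the ban and the list does not grow without bound.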
 