• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Juggernaut Security and Firewall Plesk Addon

Not sure if it was an update that did it, but at some point recently, our Deny permanently list shows as empty. I see lots of permanent blocks in the "advanced deny filters" area.
I'm guessing the page is simply not reading the file properly. I can see temp blocks fine. any suggestions?

The grid is just reading the /etc/csf/csf.deny file. Normal lines should look like this:
59.88.86.253 # lfd: (smtpauth) Failed SMTP AUTH login from 59.88.86.253 (IN/India/-): 1 in the last 3600 secs - Fri Jun 12 08:55:48 2015

Do you want to post some sample lines from your file?

If you still have any problems open a ticket in our client area and we can take a look at it.
 
Yup i see entries in the /etc/csf/csf.deny file, nothing in the juggernaught gui. have opened a support ticket. thanks.

tcp|in|d=587|s=162.219.29.134 # lfd: (smtpauth) Failed SMTP AUTH login from 162.219.29.134 (US/United States/162-219-29-134.alnitech.com): 5 in the last 3600 secs - Fri Jul 24 15:40:05 2015
tcp|in|d=25|s=70.39.65.45 # lfd: (smtpauth) Failed SMTP AUTH login from 70.39.65.45 (US/United States/-): 5 in the last 3600 secs - Fri Jul 24 15:47:26 2015
tcp|in|d=465|s=70.39.65.45 # lfd: (smtpauth) Failed SMTP AUTH login from 70.39.65.45 (US/United States/-): 5 in the last 3600 secs - Fri Jul 24 15:47:26 2015
tcp|in|d=587|s=70.39.65.45 # lfd: (smtpauth) Failed SMTP AUTH login from 70.39.65.45 (US/United States/-): 5 in the last 3600 secs - Fri Jul 24 15:47:27 2015
 
support guy got us sorted. somebody changed it to only block the service that was failing. deny list doesnt show properly in the current version if that is checked.
 
I just purchased a license :)
And i must say, this is one of the best plugin I've seen for Plesk
I think that the team of Plesk should take an example on how to provide a firewall!
However, anyone who think Plesk Firewall does not provide enough control will find the solution here!
This is another world, just an amazing and impressive job.


Plesk team wake up! We need more extensions like this!
 
Last edited:
It could be nice if you could add some antivirus support from f.ex the free ClamAV. Also a neat future like scanning all fileuploads for viruses or malware (ftp and http uploads).
Also it would be nice if you could make it easier to block brute force and other hacking atempst against Wordpress and joomla etc, by including some of the Regex patterns you give an example of in the FAQ.

But i would probably get a license myself very soon, as this looks like some cool features already. I would like to minimize the customers who doesn't update their cms systems, and then someone gets a script uploaded to send spam so the whole server ends up being blocked :/
 
Also it would be nice if you could make it easier to block brute force and other hacking atempst against Wordpress and joomla etc, by including some of the Regex patterns you give an example of in the FAQ.

We added this in the latest release. We now ship with a bunch of custom login failure triggers for bots, vulnerability scanners, and Wordpress attacks that you can enable with a single click. See: https://docs.danami.com/juggernaut/how-tos/enable-login-failure-triggers
 
Looking through all the features this extension have, I must say that you guys rock!
The blocking of bad IP's in advance is really an awesome feature, and TOR IP's and specific countries also could really help stopping those unwanted brute force attempts.
But will it have an impact on connection performance when having a large list of IP's to check against before allowing access?

BTW just out of curiosity, does the coupon code still work?

And could you possibly tell me just a small thing about the installation before I purchase; I have plesk 12.5 on Debian 7.5, and in order to install this, I need to uninstall any current firewall and fail2ban, right?
I would like to do this the most "correct way" by uninstalling it in plesk (at least I think that's the best way to not mess anything up in the plesk setup. I have screwed up PLESK before with a simple workaround, and really don't want to try that again.). I can easily find the fail2ban component, and just uninstall that as a PLESK component, but what do I need to uninstall from the component list to remove any firewall running (there is a component in plesk extensions -> plesk firewall , is this enough? Or are there others to uninstall also?).

Also what are the upgrade possibilities of the license, if I start out with 30 domains and then need to go with unlimited and after some months gets tired of keep renewing and then want to purchase the enterprise version?
And with the enterprise it says I can get updates for $49/year, does this require $49 every year, or can I simply choose after 2 years that now there is an upgrade I really could use, and then purchase a year of upgrades then?
 
But will it have an impact on connection performance when having a large list of IP's to check against before allowing access?
We support ipset so enabling large blocklists or blocking whole countries has minimal impact of performance. (Debian 7.5 supports ipset so you would be good to go).

BTW just out of curiosity, does the coupon code still work?
No the current coupon expired.

And could you possibly tell me just a small thing about the installation before I purchase; I have plesk 12.5 on Debian 7.5, and in order to install this, I need to uninstall any current firewall and fail2ban, right?
Uninstalling the Plesk firewall and fail2ban is as simple as running: apt-get remove psa-firewall fail2ban. We provide free installation and setup for new installs. You can view the full install instructions here: https://docs.danami.com/juggernaut/basics/install-debian-ubuntu

Also what are the upgrade possibilities of the license, if I start out with 30 domains and then need to go with unlimited and after some months gets tired of keep renewing and then want to purchase the enterprise version?
You can cancel your monthly license any time directly though our client area.

And with the enterprise it says I can get updates for $49/year, does this require $49 every year, or can I simply choose after 2 years that now there is an upgrade I really could use, and then purchase a year of upgrades then?
You would have to pay the $49 / year fee if you want to keep up with our software updates. You can read our license terms here: https://www.danami.com/legal/licensing-terms
 
Ok nice, and thanks a lot for the answers!

Uninstalling the Plesk firewall and fail2ban is as simple as running: apt-get remove psa-firewall fail2ban.

Would this be the same as uninstalling fail2ban and plesk firewall through plesks own components page? The reason I ask so much about this, is because I have almost ruined my live plesk installation by doing some command line installations and uninstalls, and just don't want to go through that much stress again with downtime and customers not being able to load their sites..
Otherwise your installation guide looks very easy to follow, so there should be no problems there with installing it myself.

But another thing though, I have "Admin-Ahead Realtime File Upload Scanner" and "Admin-Ahead ServerWatch Extension" installed. Do you have an idea whether these are conflicting with yours "Juggernaut Security and Firewall" ?
File upload scanner has the description: "Automatic IP blocking using csf / apf / IPTABLES (whichever is installed) when a file has been blocked while uploading through FTP and HTTP." and Serverwatch: "View SSH login history for Root as well as normal users. View Plesk admin login history. View POP/IMAP login history. View IP address connection history for SSH, POP/IMAP and Plesk admin access."
I don't know if the they would attempt to use the same resources or cause other problems. But basically I haven't had much good use of them anyway, except feeling a little safe about the virus check on all uploads, even though not one file has been caught yet.. So it wouldn't be a big thing if it was best to just uninstall them.
 
Would this be the same as uninstalling fail2ban and plesk firewall through plesks own components page? The reason I ask so much about this, is because I have almost ruined my live plesk installation by doing some command line installations and uninstalls, and just don't want to go through that much stress again with downtime and customers not being able to load their sites..
Yes I believe the components page does the same as the same yum commands.
It shouldn't cause any issues as Juggernaut uses CSF at its core so its fully supported.
 
Hy, sorry for my bad english. I have a question. incomprehensible why the firewall is blocking the CloudFlare CDN and DNA treatment?
 
Back
Top