• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Juggernaut Security and Firewall Plesk Addon

Hello @danami,

we've tested Juggernaut for 2 weeks and are surprised about the functionality.
Do you offer a coupon code for new customer? :)

Best regards

Tino
 
Hello @danami,

and is there a difference between "Juggernaut Security and Firewall - Host Edition - Unlimited domains" and "Juggernaut Security and Firewall - Enterprise Edition - Unlimited domains" in functionality? OK, the pricing is 3 USD higher for the Host edition (12x16 USD = 192 USD vs. 189 USD für the Enterprise Edition), but there I'm able to cancel my subscription monthly.

Best regards

Tino
 
Hello @danami,
and is there a difference between "Juggernaut Security and Firewall - Host Edition - Unlimited domains" and "Juggernaut Security and Firewall - Enterprise Edition - Unlimited domains" in functionality? OK, the pricing is 3 USD higher for the Host edition (12x16 USD = 192 USD vs. 189 USD für the Enterprise Edition), but there I'm able to cancel my subscription monthly.

With the enterprise edition you pay more up front but it is cheaper long term as you do not pay a monthly fee (Only a small yearly fee to get support and software updates).
 
Last edited:
I installed this stupid Firewall from Danami called Juggernaut Firewall and it blocked all my websites. At the same time I can't get any emails anymore.
After all the headache that this plugin gave me, I uninstalled it from my server and now I can't make my emails working anymore. This firewall blocks everything and nothing is working anymore. I don't recommend to anyone. I don't know why Plesk is advertising this **** and they ask lots of money for it too. So, whoever is thinking to install this **** on their servers I recommend not do it unless they have time to waste to fix this ****.
 
You can easily disable the firewall on the command line by running the command:
Code:
csf -x

Your mail problems are not related to the firewall as you are saying that you can't access your emails even after you uninstalled the extension. Also our extension goes though extensive testing from Plesk themselves.

I would be happy to help you out. Just open a support ticket on our website.
 
We use Juggernaut to block all access from outside the U.S., but but Allow IP ranges for specific uses. One of which is inbound Proton Mail which is overseas. This Allow Rule was working, but has stopped. Can you tell me what is wrong with it?

tcp|in|d=25,110,143,465,587,993,995,1025,1143|s=185.70.40.0/24,185.70.41.0/24,185.70.43.0/24,188.165.51.139,51.77.79.158,51.89.119.103,54.36.149.183,54.38.221.122,91.134.188.129

It I only use one CIDR, it works.
 
@MacGyver I don't think that CSF supports multiple CIDRs like that. You can read the syntax in the "Advanced Allow/Deny Filters" seaction of the CSF readme.txt here:


Also I really don't recommend blocking all access like that. Country blocks apply to outgoing connections too so it's likely that you will break things unless you can guarantee that your server is only making outgoing connections to the U.S.
 
I appreciate the insight. I was able to modify the CIDR and make it work, so I feel like you're right.

That said, that GEO block is the only reason we moved to Juggernaut. For the past 2 decades we have been doing it in the Plesk Firewall via IP ranges. The host company said, "It'll never work," but it worked fine. It's purley for security and it knocks down LOADS of spam.

BTW, Juggernaut has been working great for that and so far, no ill effect. Thanks for a great tool. :>)
 
Juggernaut administers the Maxmind Database to enforce GEO-IP, yet it seems that it is making it's requests to Maxmind via HTTP. Maxmind is notifying its users, that this access will soon be disabled.

What is the solution to this?

Please see the email from Maxmind below:

Action Required: Use HTTPS for GeoIP database downloads

Dear MaxMind customer,​

We’re writing because, between July 15 and August 14, we saw GeoIP download requests from your account that are not being sent with HTTPS (see details below). To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin requiring HTTPS for GeoIP download requests in March 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of this policy on October 17, 2023.

What is the policy?

  • MaxMind will only accept GeoIP download requests sent with the more secure HTTPS protocol.
What do I need to do?

To ensure that you can continue to download GeoIP databases, please make the change(s) listed below prior to October 17, 2023. The policies will be permanently enforced in March 2024:

You sent 8 GeoIP database download queries to the endpoint http://download.maxmind.com/app/geoip_download. Note that these queries were sent without using the more secure HTTPS protocol. Update your integration to send these GeoIP database download queries to https://download.maxmind.com/app/geoip_download. Note that you should be using the more secure HTTPS protocol.

What’s next?
We won't be able to immediately confirm that the changes you have made are working. We’ll send another email next month with updated information about requests we are seeing from your account, and a third email before the planned interruption. If we don’t see any GeoIP download requests that violate our policies, we’ll send you an email to let you know that things look good on our end.
What if I need more help?

If you need more help or have additional questions, please contact us at [email protected].

Thanks for your attention.

Sincerely,
The Team at MaxMind
 
@MacGyver The Juggernaut Firewall extension already uses https:// when we download the MaxMind databases. The issue here is that CSF doesn't when it downloads the CSV versions. The CSF team is aware of the issue and they have already said that they will include a fix before the deadline :)
 
Back
Top