• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Juggernaut Security and Firewall Plesk Addon

So by default, Juggernaut offers no way to see what IPs are being dropped?

Also, when I do know the IP to search for, why is it not showing up in the Dashboard search?
 
> So by default, Juggernaut offers no way to see what IPs are being dropped?

We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.
 
>We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.

Forgive me if I'm missing something. I'm not trying to be obtuse. I just know that without using Juggernaut, if we had someone who couldn't connect via FTP, we would have someone look at the logs, see what IP was knocking on the door, and then we would whitelist it.

When we know the IP, what would be causing it not to show up in the Dashboard search you suggested?
 
When we know the IP, what would be causing it not to show up in the Dashboard search you suggested?
If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.
 
>If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.

Perhaps there is a disconnect in how I am relaying things then.

I pull up a browser. I got to a site on this server. I can connect with no problem. I pull up a browser based VPN and set it to connect from Germany, Romania, etc. A country that is blocked. I go to ipchicken.com to check the IP address. I try to connect to the same website. Now it times out. I go back to ipchicken.com and confirm that it's still that IP address. I turn off the VPN and connect to the site successfully now. I now go to the Dashboard and search for that overseas IP, and it's not there.

Clearly I'm misunderstanding something. What am I doing wrong?
 
Thanks. We got the issue resolved temporarily, but will open a ticket regarding the MaxMind issue as the issue does not seem to be resolved. Just FYI, we go this in the morning email:

We’re still seeing outdated API requests from your account (ID XXXXXX) that are using an incorrect endpoint.

Going forward, we will only accept:

  • API requests sent with the more secure HTTPS protocol.
  • API requests sent to the appropriate hostname.
Click the links below to view a list of valid API hostnames for each service.



If you have questions or need help, just reply to this email.
 
They are probably sending those out from any requests from the last month. CSF just pushed their fix a few weeks ago. All our extensions use https:// and download.maxmind.com as they recommend.
 
How does this firewall compare to the preinstalled ModSecurity WAF by Comodo and Fail2Ban?

Does it automatically block attack attempts?
 
@safemoon A web application firewall and an IPtables firewall perform two completely different tasks. You should have both installed. Juggernaut will monitor the modsecurity logs and ban users who trigger modsecurity repeatedly.

@zed2007 Just add a rule for the IP address under Allow -> Allow permanently.
 
Just a shout out for the Danami support team. We decided to try Juggernaut on a server we were migrating purely in hopes that it would supply some GEO blocking security. Now over a year later it's done everything we hoped, and more. We're now using it to deal with some other security issues, and the Danami support team has been great.

We're not usually big on subscription based products, but this one has proven itself. So much so that when our AV comes up for renewal this year, we will likely be switching to the Danami product for that as well. When first looking at the firewall, it seems to be a bit overwhelming, but I have found that it's really not once you start using it.

If you're looking for a good software based firewall add on for Plesk that will provide GEO Blocking, this is a great product. I hope this helps others who are looking for a solution.
 
The GeoIP block won't work if you use only nginx, not Apache?
@hotdog yes you would have to have the sites PHP handler set to Apache if you want to do Geo blocking at the web server level. With that said you can also block countries at the firewall level.

How can I deny a countries at the web server level using Juggernaut Firewall?

How can I deny countries at the firewall level using Juggernaut Firewall?
 
Back
Top