• Inviting everyone who uses WordPress management tools in Plesk
    The Plesk team is conducting a 60-minute research session that includes an interview and a moderated usability test.
    To participate, please use this link .
    Your experience will help shape product decisions and ensure the tools better support real-world use cases.

Resolved Juggernaut Security and Firewall Plesk Addon

So by default, Juggernaut offers no way to see what IPs are being dropped?

Also, when I do know the IP to search for, why is it not showing up in the Dashboard search?
 
> So by default, Juggernaut offers no way to see what IPs are being dropped?

We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.
 
>We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.

Forgive me if I'm missing something. I'm not trying to be obtuse. I just know that without using Juggernaut, if we had someone who couldn't connect via FTP, we would have someone look at the logs, see what IP was knocking on the door, and then we would whitelist it.

When we know the IP, what would be causing it not to show up in the Dashboard search you suggested?
 
MacGyver said:
When we know the IP, what would be causing it not to show up in the Dashboard search you suggested?
Click to expand...
If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.
 
>If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.

Perhaps there is a disconnect in how I am relaying things then.

I pull up a browser. I got to a site on this server. I can connect with no problem. I pull up a browser based VPN and set it to connect from Germany, Romania, etc. A country that is blocked. I go to ipchicken.com to check the IP address. I try to connect to the same website. Now it times out. I go back to ipchicken.com and confirm that it's still that IP address. I turn off the VPN and connect to the site successfully now. I now go to the Dashboard and search for that overseas IP, and it's not there.

Clearly I'm misunderstanding something. What am I doing wrong?
 
Thanks. We got the issue resolved temporarily, but will open a ticket regarding the MaxMind issue as the issue does not seem to be resolved. Just FYI, we go this in the morning email:

We’re still seeing outdated API requests from your account (ID XXXXXX) that are using an incorrect endpoint.

Going forward, we will only accept:

  • API requests sent with the more secure HTTPS protocol.
  • API requests sent to the appropriate hostname.
Click the links below to view a list of valid API hostnames for each service.



If you have questions or need help, just reply to this email.
 
They are probably sending those out from any requests from the last month. CSF just pushed their fix a few weeks ago. All our extensions use https:// and download.maxmind.com as they recommend.
 
How does this firewall compare to the preinstalled ModSecurity WAF by Comodo and Fail2Ban?

Does it automatically block attack attempts?
 
@safemoon A web application firewall and an IPtables firewall perform two completely different tasks. You should have both installed. Juggernaut will monitor the modsecurity logs and ban users who trigger modsecurity repeatedly.

@zed2007 Just add a rule for the IP address under Allow -> Allow permanently.
 
Just a shout out for the Danami support team. We decided to try Juggernaut on a server we were migrating purely in hopes that it would supply some GEO blocking security. Now over a year later it's done everything we hoped, and more. We're now using it to deal with some other security issues, and the Danami support team has been great.

We're not usually big on subscription based products, but this one has proven itself. So much so that when our AV comes up for renewal this year, we will likely be switching to the Danami product for that as well. When first looking at the firewall, it seems to be a bit overwhelming, but I have found that it's really not once you start using it.

If you're looking for a good software based firewall add on for Plesk that will provide GEO Blocking, this is a great product. I hope this helps others who are looking for a solution.
 
hotdog said:
The GeoIP block won't work if you use only nginx, not Apache?
Click to expand...
@hotdog yes you would have to have the sites PHP handler set to Apache if you want to do Geo blocking at the web server level. With that said you can also block countries at the firewall level.

How can I deny a countries at the web server level using Juggernaut Firewall?

How can I deny countries at the firewall level using Juggernaut Firewall?
 
Hello. How enable Juggernaut Security and Firewall ModSecurity Custom rule set?
 

Attachments

  • Screenshot_72.png
    Screenshot_72.png
    52.4 KB · Views: 6
Hello.
How i can create fully back with settings, banned ip, blocked emails .... of Juggernaut Security and Firewall and Warden Anti-spam and Virus Protection? I wanna reinstall server.
 
You must log in or register to reply here.

Similar threads

Azurel
Question Block country without extension "firewall"?
Replies
3
Views
1K
Azurel
Azurel
H
Issue Can't connect to server - Remote RDP - Firewall settings link not working in Plesk. Any other method?
Replies
2
Views
3K
iulesh
I
I
Input Hardening Plesk with AbuseIPDB
Replies
2
Views
2K
iainh
I
Z
Issue Major security inconsistency in Plesk admin access control logic
Replies
7
Views
5K
zigzag
Z
wakabayashi
Question SMTP Firewall - is it possible to block brutforce attacks?
Replies
3
Views
2K
Vladimir C.
V
Back
Top