
Question Logging in to Plesk with static IP V4, using a static IP v6.

CobraArbok

Regular Pleskian
Server operating system version
Ubuntu 22.04.1 LTS
Plesk version and microupdate number
18.0.49 Update #2
Plesk is on a VPS with static V4 public IP.
The office has an Internet line with dynamic IP V4 and static IP v6.

I would like to block access to Plesk using a static IP; can I use the IP V6 one?

If for some reason I can't access from that address, can I change it via SSH or from the VPS console?
Where is it?
 
There are 2 ways of doing this.

First way is to use the IP Access Restriction Management located under Tools & Settings. You just add in networks that you want to use (whether that's IPv4 or IPv6), or update the firewall rules to restrict access to just your IP address.
 
Even if I had read into the future, Plesk blocked me both from the PC and from the smartphone.
I solved by typing the two commands in the console, but now I would like to understand why it blocks me every day from the dynamic IP.
The Internet line at home is always the same and it's normal for the provider to change my IP address, but it's the first time I've ever blocked it in Fail2Ban.
 
Fail2Ban is a different issue. When you are blocked by Fail2Ban, very likely something from your local network is trying to log in with wrong credentials (wrong username or wrong password). Most often that will be an email application. Please check /var/log/fail2ban.log which jail is blocking your IP. From there you can easily find out more using the log files of that corresponding service.
 
> Plesk is on a VPS with static V4 public IP.
> The office has an Internet line with dynamic IP V4 and static IP v6.
>
> I would like to block access to Plesk using a static IP; can I use the IP V6 one?

If your VPS has no IP v6 that's just asking for trouble.

> If for some reason I can't access from that address, can I change it via SSH or from the VPS console?

You could tunnel to port 8443 via ssh and access Plesk that way.
 
> Fail2Ban is a different issue. When you are blocked by Fail2Ban, very likely something from your local network is trying to log in with wrong credentials (wrong username or wrong password). Most often that will be an email application. Please check /var/log/fail2ban.log which jail is blocking your IP. From there you can easily find out more using the log files of that corresponding service.

In fact it's so.
I was blocked again and from the logs I see that the access from the IP address is by Dovecot and Postfix.
But I don't understand why; it is my home IP and accesses are continuous, even at night when the PC is off; furthermore I don't have smartphone applications that access these mailboxes.
 
Most often it is indeed a smartphone. I once knew someone who swore that he was not connecting. After three months he found out that he gave his old smartphone to his son and forgot to remove his email app from it. Problem solved.

If you see access through the night and if these occur every five to 15 seconds, it is most likely a phone. Another option could be a pad or an NAS or the router itself that is trying to send notifications on some service by email. Or maybe it's your wife's phone? Your friend's? Your neighbor's who you share the router with? If the logins are coming from your IP, there sure exists a device that is trying to log in.
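
The log check suggested in this thread, as an added Python example that is not part of any forum post: it reads fail2ban.log-style lines, reports which jails recorded and banned one IP, and measures the median gap between attempts against the 5 to 15 second rule of thumb mentioned above. The sample log, IP addresses and jail names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in fail2ban.log line format; IPs, PIDs and jail names are illustrative.
SAMPLE_LOG = """\
2023-01-12 02:14:05,311 fail2ban.filter         [812]: INFO    [plesk-dovecot] Found 198.51.100.23 - 2023-01-12 02:14:05
2023-01-12 02:14:15,402 fail2ban.filter         [812]: INFO    [plesk-dovecot] Found 198.51.100.23 - 2023-01-12 02:14:15
2023-01-12 02:14:25,377 fail2ban.filter         [812]: INFO    [plesk-dovecot] Found 198.51.100.23 - 2023-01-12 02:14:25
2023-01-12 02:14:35,290 fail2ban.filter         [812]: INFO    [plesk-dovecot] Found 198.51.100.23 - 2023-01-12 02:14:35
2023-01-12 02:14:35,611 fail2ban.actions        [812]: NOTICE  [plesk-dovecot] Ban 198.51.100.23
2023-01-12 02:20:00,120 fail2ban.filter         [812]: INFO    [plesk-postfix] Found 198.51.100.23 - 2023-01-12 02:20:00
2023-01-12 02:25:00,480 fail2ban.filter         [812]: INFO    [plesk-postfix] Found 198.51.100.23 - 2023-01-12 02:25:00
2023-01-12 02:26:10,009 fail2ban.filter         [812]: INFO    [ssh] Found 203.0.113.9 - 2023-01-12 02:26:10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban)\s+(?P<ip>\S+)"
)

def summarize(log_text, ip):
    """Per jail, for one IP: attempts, bans, median gap, and the thread's 5-15 s device hint."""
    found, bans = defaultdict(list), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] != ip:
            continue
        if m["event"] == "Found":
            found[m["jail"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
        else:
            bans[m["jail"]] += 1
    report = {}
    for jail in sorted(set(found) | set(bans)):
        times = sorted(found[jail])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps) if gaps else None
        report[jail] = {
            "attempts": len(times),
            "bans": bans[jail],
            "median_gap_s": mid,
            "steady_5_to_15s": mid is not None and 5 <= mid <= 15,
        }
    return report

if __name__ == "__main__":
    for jail, stats in summarize(SAMPLE_LOG, "198.51.100.23").items():
        print(jail, stats)
```

To use it on a real server, pass the contents of /var/log/fail2ban.log and your own public IP to `summarize`; the jail name in the result points to the service log worth reading next.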
 
> Most often it is indeed a smartphone. I once knew someone who swore that he was not connecting. After three months he found out that he gave his old smartphone to his son and forgot to remove his email app from it. Problem solved.
>
> If you see access through the night and if these occur every five to 15 seconds, it is most likely a phone. Another option could be a pad or an NAS or the router itself that is trying to send notifications on some service by email. Or maybe it's your wife's phone? Your friend's? Your neighbor's who you share the router with? If the logins are coming from your IP, there sure exists a device that is trying to log in.

Damn!
It's not the wife, but an old tablet of mine that still had roundcube installed.
Thank you very much.

But in the log I see that there are still dozens of login attempts via ssh and postfix.
I have my ISP's firewall already disallowing SSH access; so how do they try to log in?

And how can I in fail2ban block all but some ports?
Or enable only the ones I need?
The user guide isn't very clear on this and opening existing jails doesn't help me.
 
Postfix brute-force attempts: Very common. Nothing to worry about as long as you have the fail2ban postfix jail on.
SSH brute-force attempts: Also common. However, if SSH port is really blocked, how do you maintain your server yourself? With the fail2ban ssh jail in place it should not worry much anyway. Of course as you are a responsible user you have PermitRootLogin set to "no" in the sshd configuration, right?
Fail2ban block all ports: Fail2ban cannot do that. It does not block ports, it blocks IP addresses of attackers.
In the Plesk firewall disable/block all services that you are not using. For example if you are not using single-sign-on, block it. If you are not using PostgreSQL block it, etc. Else if you go with the default setting, you'll still be fine. Nothing to worry about.
 
> ... However, if SSH port is really blocked, how do you maintain your server yourself? With the fail2ban ssh jail in place it should not worry much anyway. Of course as you are a responsible user you have PermitRootLogin set to "no" in the sshd configuration, right?
> Fail2ban block all ports: Fail2ban cannot do that. It does not block ports, it blocks IP addresses of attackers.
> In the Plesk firewall disable/block all services that you are not using. For example if you are not using single-sign-on, block it. If you are not using PostgreSQL block it, etc. Else if you go with the default setting, you'll still be fine. Nothing to worry about.

On my ISP's firewall I closed port 22 and opened another port.
I know they could still scan all open ports, but at least I'm making it a little harder for the lazy and the automatic.
It is for this reason that I want to jail this port on Fail2Ban.

Yes, PermitRootLogin = no.
Then you still need an SSH key and I also activated TFA.
 
> Of course as you are a responsible user you have PermitRootLogin set to "no" in the sshd configuration, right?

That does not provide significant additional security. "PasswordAuthentication no" is far more important, and together with a non-standard port helps to reduce the noise in the logs.
 
> That does not provide significant additional security. "PasswordAuthentication no" is far more important, and together with a non-standard port helps to reduce the noise in the logs.

Yes, I've PasswordAuthentication no
 