Kulturmensch
Regular Pleskian
- Server operating system version: Ubuntu 22.04.5 LTS
- Plesk version and microupdate number: Plesk Obsidian 18.0.67 Update #3
Hello everyone,
I’m running a Plesk panel that has been under a massive brute-force attack for some time. The login attempts are happening non-stop from globally distributed IPs, targeting users like admin, root, and even custom usernames.
I have already implemented the following security measures:
✔ 2FA enabled for the Plesk panel
✔ Fail2Ban set to block IPs for 1 year after 1 failed attempt
✔ GeoIP blocking for China, Russia, India, Indonesia, the Philippines & more
✔ Rate limiting set to 1 attempt per IP
✔ Over 1,000 malicious IPs manually blocked
Despite these protections, the attacks continue – it seems that a large botnet is targeting my panel.
I am now planning additional measures to either make the attacks ineffective or slow down the attackers:
- Tarpit mechanism for login attempts (delaying connections significantly)
- Honeypot for bot detection & automatic reporting to AbuseIPDB
- Cloudflare Zero Trust Tunnel to mask the panel’s IP
- Complete whitelisting of Plesk access (allow only known IPs)
Question to the community:
Are there any additional effective security measures for Plesk to handle high-frequency brute-force attacks?
Does anyone have experience with tarpit techniques, captchas, or advanced IP filtering for Plesk?
Thanks for your insights!
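
The pattern described in the post (failures from many different IPs against the same usernames) can be measured directly. The following is an added example, not part of the original post and not Plesk code. It shows how much of the traffic a per-IP ban can stop at all, and which usernames are hit from many sources inside one time window. The log format, `SAMPLE_LOG`, the function names and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not Plesk's real log layout).
SAMPLE_LOG = """\
2025-03-01T10:00:05 login_failed user=admin ip=192.0.2.10
2025-03-01T10:00:09 login_failed user=admin ip=198.51.100.23
2025-03-01T10:00:14 login_failed user=root ip=203.0.113.7
2025-03-01T10:00:20 login_failed user=admin ip=203.0.113.99
2025-03-01T10:00:31 login_failed user=admin ip=192.0.2.77
2025-03-01T10:00:40 login_failed user=root ip=198.51.100.4
2025-03-01T10:07:00 login_failed user=alice ip=192.0.2.200
2025-03-01T10:07:30 login_failed user=alice ip=192.0.2.200
""".splitlines()

LINE_RE = re.compile(r"^(\S+) login_failed user=(\S+) ip=(\S+)$")

def parse(lines):
    """Return sorted (timestamp, user, ip) tuples for every failed-login line."""
    hits = (LINE_RE.match(line.strip()) for line in lines)
    return sorted((datetime.fromisoformat(m[1]), m[2], m[3]) for m in hits if m)

def repeat_ip_share(events):
    """Fraction of failures from an IP already seen, i.e. what a per-IP ban could stop."""
    seen, repeats = set(), 0
    for _, _, ip in events:
        repeats += ip in seen
        seen.add(ip)
    return repeats / len(events) if events else 0.0

def distributed_targets(events, window=timedelta(minutes=5), min_ips=3):
    """Usernames hit by at least min_ips distinct IPs inside one sliding window."""
    recent, flagged = defaultdict(deque), {}
    for ts, user, ip in events:
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct >= min_ips:
            flagged[user] = max(flagged.get(user, 0), distinct)
    return flagged

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(f"stoppable by per-IP bans: {repeat_ip_share(ev):.0%}")
    print("usernames under distributed attack:", distributed_targets(ev))
```

A low repeat share together with flagged usernames means each source is used only once, so per-IP bans and per-IP rate limits act after the only attempt that address would have made; controls that do not depend on the source address having been seen before, such as the allowlist listed in the post, are unaffected by that.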