• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue New Subcription and Fail2Ban

WebHostingAce

WebHostingAce

Silver Pleskian
Hi,

I have came across this issue few times.

Adding New Subcription with Wordpress is not covered by Wordpress Jail.

According to Fail2Ban Log ONLY the Error Log for new Subcription is ADDED to Fail2Ban.

So the issue seems to be any Jails with Access logs.

Turning off and on the Fail2Ban fix the issue.

Tested on,

CentOS 6 & 7
Plesk 17.5 #9

Possibly a bug?

Thank you.
 
Last edited:
Hi AusWeb,

I'm currently also struggling with fail2ban to mysql, see my post here.

Not sure what you mean with 'New subscription', but the default plesk-wordpress filter uses this failregex:

^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200

So you need to set the jail to search the access logs. I use this plesk-wordpress logpath:

logpath = /var/www/vhosts/*/logs/access_log

Maybe this helps you?

Best regards,

Bjorn Joosen
 
Hi Bjorn,

Sorry I mean by 'New subscription' > Adding a new website to the server.

I had a look into Fail2Ban log, Only the error log is added. Not the Access Logs.

Unless I restart F2B. Access Logs to the New Website will not added to F2B.

Seems like a bug but so far anyone from Plesk Team haven't reply.

Thank you!
 
F2B reads the logs at startup, so this is normal fail2ban working.

I agree it should be done by plesk after adding a new hosting, but this can be tricky. fail2ban can take a looooong time to restart if you have many jails that read domainlogs. restarting fail2ban every time a hosting is added can take very long.

And then what with fail2ban setups that don't read domainlogs, but only general logs?

We used to have an wp-xml-rpc jails also, but disabled them because they interfere with normal wp working.

this is a good article on xml-rpc

Should You Disable XML-RPC on WordPress?

We had a client that uses Jetpack plugin on dozens of sites and almost left because "his sites where never online when he was updating them"

regards
Jan
 
Hi Linulex,

Thank you for your input.

Do you think its the Normal behavior of F2B?

I can see the Newly Added Domain's Error log is added to F2B without restarting but not the Access Logs. So the anything covered by Access Logs are not covered. ex. wp-admin logins..
 
Last edited:
You must log in or register to reply here.

Similar threads

T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
952
Bitpalast
Bitpalast
Tim Clarke
Issue Problems with recidive jail
Replies
3
Views
569
La Linea
L
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
152
Sebahat.hadzhi
Sebahat.hadzhi
O
Question New installation: best practices, useful tips, suggests
Replies
9
Views
2K
Kaspar
K
michaeljoseph01
Question Imunify360 or fail2ban PLEASE give me your input
Replies
6
Views
3K
The 8th
The 8th
Back
Top