• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue plesk does Server down?

S

Sprayy

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.54
Hello together,
im kinda new into ubuntu and Servers. 4 Months ago i got my first one and everything seemed perfect, but today for some reason i couldnt get to the Server UI (login-page) and all my sites are down. Pinging the Server and the websites seems to be working fine. I tried restarting the server multiple times (soft and hard), but it dindnt help.
I didnt change anything, the server just stopped working (it worked in the morning, didnt work when i came back home 7 hours later).
Any help would be appreciated, thanks.
 
Do you find your own access point IP (or the first three octets of it) in /var/log/fail2ban.log?
 
Peter Debik said:
Do you find your own access point IP (or the first three octets of it) in /var/log/fail2ban.log?
Click to expand...
I had the same issue when working on WordPress. The server went down and will not be back till I restart the server. my server specification is attached, I'm using Debian 12.7, and only have one website on this server WordPress

1727898843345.png
 
As Peter explained, the "IP Address Banning (Fail2Ban)" feature might be the culprit.

What could have happened is that while you were editing the WordPress website, the "Web Application Firewall (ModSecurity)" may have triggered a false positive. As a result, "IP Address Banning (Fail2Ban)" blocked your IP based on this false positive from the WAF.

You can check the /var/log/fail2ban.log file to see if your remote IP address is listed in the log.

[Also please ensure that all your server IPs are included in the "Trusted IP Addresses" section of "IP Address Banning (Fail2Ban)." as well]
 
WebHostingAce said:
As Peter explained, the "IP Address Banning (Fail2Ban)" feature might be the culprit.

What could have happened is that while you were editing the WordPress website, the "Web Application Firewall (ModSecurity)" may have triggered a false positive. As a result, "IP Address Banning (Fail2Ban)" blocked your IP based on this false positive from the WAF.

You can check the /var/log/fail2ban.log file to see if your remote IP address is listed in the log.

[Also please ensure that all your server IPs are included in the "Trusted IP Addresses" section of "IP Address Banning (Fail2Ban)." as well]
Click to expand...
I found a banned IP in the log, but that IP is accessing SSH from another country. Could it be plugin access?
 
WebHostingAce said:
As Peter explained, the "IP Address Banning (Fail2Ban)" feature might be the culprit.

What could have happened is that while you were editing the WordPress website, the "Web Application Firewall (ModSecurity)" may have triggered a false positive. As a result, "IP Address Banning (Fail2Ban)" blocked your IP based on this false positive from the WAF.

You can check the /var/log/fail2ban.log file to see if your remote IP address is listed in the log.

[Also please ensure that all your server IPs are included in the "Trusted IP Addresses" section of "IP Address Banning (Fail2Ban)." as well]
Click to expand...
Mostly goes down when opening the WordPress dashboard, and most of the ban is about SSH, how can we solve this WordPress falling because of ban
 
is this right to solve the issue : as per screenshot, moved WordPress to be excluded rule.


1727931120653.png
 
WordPress is known to generate false positives with ModSecurity.

If it happens again, click on "Error Log File" on the same page and search for ID's.
They look like this: [id "210492"].

Add that number in the "Security rule IDs" field and ModSecurity will ignore it.
 
Maarten said:
WordPress is known to generate false positives with ModSecurity.

If it happens again, click on "Error Log File" on the same page and search for ID's.
They look like this: [id "210492"].

Add that number in the "Security rule IDs" field and ModSecurity will ignore it.
Click to expand...
thanks for info
 
You must log in or register to reply here.

Similar threads

B
Resolved Update broke FTP access
Replies
5
Views
244
Sebahat.hadzhi
Sebahat.hadzhi
M
Issue My plesk server is completely down
Replies
8
Views
2K
Kaspar@Plesk
Kaspar@Plesk
LuigiMdg
Issue Server Down Every Morning After Domain Transfer
Replies
12
Views
2K
AYamshanov
AYamshanov
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
164
Sebahat.hadzhi
Sebahat.hadzhi
Tim_Wakeling
Issue Firewall suddenly took Plesk down overnight
2
Replies
23
Views
3K
Peter Debik
P
Back
Top