• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Input plesk fail2ban missing some important filter rules

P

PeterKi

Regular Pleskian
Server operating system version
Ubuntu 22.04.3 on strato vServer
Plesk version and microupdate number
Plesk Obsidian Web Admin Edition Version 18.0.56
Looking at the server logs of my Ubuntu 22.04 system with Plesk obsidian 18.0.56 I found many entries which are not covered by the plesk jails.
The most frequent of these are apache 404 and postfix errors.
The plesk developers eventually should take a deeper look at server logs and add filters for the most frequent failing access attempts.
I have added 3 filters for the entries metioned above, but I would expect that plesk fail2ban rules cover those frequent access attempts by default.
The filters I suggest are:

apache404
[Definition]
failregex = <HOST> - .* "(GET|POST|HEAD).*HTTP.*"\s404\s
ignoreregex = .*(robots.txt|favicon.ico|jpg|png)

postfix-sasl
[Definition]
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed([\s\w+\/:]*={0,4})?\s*$
ignoreregex = authentication failed: Connection lost to authentication server$

postfix-ssl
[Definition]
failregex = ^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]
ignoreregex =
 
Hi in my opinion blocking Apache's 404 errors using fail2ban might it could lead to unintended consequences if its enabled by default

Many websites feature numerous 404 pages, often not indicative of an attack. It's crucial to handle this issue delicately—blocking access to crawlers such as Google and Bing can lead to unintended consequences.

Consider this scenario: if I link your website to several 404 URLs using follow links, certain crawlers will detect these links and attempt access. Consequently, you might end up blocking Googlebot IPs, causing your website to vanish from Google's index or triggering SEO complications.
 
Sorry for not being precise enough.
I did not mean that a filter for 404 errors should be enabled by default, but should be supplied by Plesk.
It is then up to the user to enable it or not.
Also, I think crawlers that do not obey pages excluded by a robots.txt should be banned.
 
You must log in or register to reply here.

Similar threads

wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
1K
mizar
mizar
B
Issue I need help getting setting up a filter for AH01264 in fail2ban
Replies
1
Views
1K
Peter Debik
P
S
Issue Filter for plesk-wordpress jail does not work, any ideas?
Replies
1
Views
749
AYamshanov
AYamshanov
J
Issue Default plesk-wordpress fail2ban doesn't work
Replies
6
Views
1K
Peter Debik
P
P
Input Enhancement suggestions for Plesk's fail2ban filters
Replies
1
Views
1K
Maarten
M
Back
Top