Facebook
Twitter
- Server operating system version
- Ubuntu 22.04.3 on strato vServer
- Plesk version and microupdate number
- Plesk Obsidian Web Admin Edition Version 18.0.56
Looking at the server logs of my Ubuntu 22.04 system with Plesk obsidian 18.0.56 I found many entries which are not covered by the plesk jails.
The most frequent of these are apache 404 and postfix errors.
The plesk developers eventually should take a deeper look at server logs and add filters for the most frequent failing access attempts.
I have added 3 filters for the entries metioned above, but I would expect that plesk fail2ban rules cover those frequent access attempts by default.
The filters I suggest are:
apache404
[Definition]
failregex = <HOST> - .* "(GET|POST|HEAD).*HTTP.*"\s404\s
ignoreregex = .*(robots.txt|favicon.ico|jpg|png)
postfix-sasl
[Definition]
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed([\s\w+\/:]*={0,4})?\s*$
ignoreregex = authentication failed: Connection lost to authentication server$
postfix-ssl
[Definition]
failregex = ^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]
ignoreregex =
The most frequent of these are apache 404 and postfix errors.
The plesk developers eventually should take a deeper look at server logs and add filters for the most frequent failing access attempts.
I have added 3 filters for the entries metioned above, but I would expect that plesk fail2ban rules cover those frequent access attempts by default.
The filters I suggest are:
apache404
[Definition]
failregex = <HOST> - .* "(GET|POST|HEAD).*HTTP.*"\s404\s
ignoreregex = .*(robots.txt|favicon.ico|jpg|png)
postfix-sasl
[Definition]
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed([\s\w+\/:]*={0,4})?\s*$
ignoreregex = authentication failed: Connection lost to authentication server$
postfix-ssl
[Definition]
failregex = ^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]
ignoreregex =