
Plesk Server Crash and other issues

Richieboydev

Basic Pleskian
Hey everyone,

I had a crash the other night, the first one in months. I have also been having my Plesk Server shut down almost nightly.

Today right now I see hundreds if not thousands of these

Dec 8 10:19:07 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:09 talkdevelopment rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting
Dec 8 10:19:14 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:15 talkdevelopment rsyslogd-2177: imuxsock lost 16 messages from pid 19177 due to rate-limiting
Dec 8 10:19:20 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:21 talkdevelopment rsyslogd-2177: imuxsock lost 42 messages from pid 19177 due to rate-limiting
Dec 8 10:19:35 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:43 talkdevelopment rsyslogd-2177: imuxsock lost 393 messages from pid 19177 due to rate-limiting
Dec 8 10:19:45 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:50 talkdevelopment rsyslogd-2177: imuxsock lost 205 messages from pid 19177 due to rate-limiting
Dec 8 10:19:54 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:56 talkdevelopment rsyslogd-2177: imuxsock lost 96 messages from pid 19177 due to rate-limiting
Dec 8 10:19:59 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:03 talkdevelopment rsyslogd-2177: imuxsock lost 231 messages from pid 19177 due to rate-limiting
Dec 8 10:20:13 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:15 talkdevelopment rsyslogd-2177: imuxsock lost 97 messages from pid 19177 due to rate-limiting
Dec 8 10:20:19 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:24 talkdevelopment rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting



But what scared me earlier was these

Dec 7 03:43:56 talkdevelopment rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="3281" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Dec 7 04:12:28 talkdevelopment xinetd[5173]: START: ftp pid=28508 from=::ffff:58.254.168.10
Dec 7 04:12:28 talkdevelopment proftpd[28508]: processing configuration directory '/etc/proftpd.d'
Dec 7 04:12:32 talkdevelopment proftpd[28508]: REMOVED (58.254.168.10[58.254.168.10]) - FTP session opened.
Dec 7 04:12:33 talkdevelopment proftpd[28508]: REMOVED (58.254.168.10[58.254.168.10]) - FTP session closed.
Dec 7 04:12:33 talkdevelopment xinetd[5173]: EXIT: ftp status=0 pid=28508 duration=5(sec)
Dec 7 04:12:33 talkdevelopment xinetd[5173]: START: ftp pid=28512 from=::ffff:58.254.168.10
Dec 7 04:12:33 talkdevelopment proftpd[28512]: processing configuration directory '/etc/proftpd.d'
Dec 7 04:12:34 talkdevelopment proftpd[28512]: 74.208.174.18 (58.254.168.10[58.254.168.10]) - FTP session opened.
Dec 7 04:12:35 talkdevelopment proftpd[28512]: ###### (58.254.168.10

I removed my IP. Is someone attacking my FTP? I should have this closed and also be protected by fail2ban. I am really nervous about this.

Can anyone please share some insight?

Thanks so much,
Rich
 
Hi Richieboydev,

for your first issue, please read this article:


For your second issue, be aware that Fail2Ban only bans failed login attempts after a defined amount in your configuration - let's say you have defined a pre-defined Plesk jail "plesk-proftpd", then it should be "maxretry = 5", after which failed login attempts are banned per IP.

What do you mean when you write "I should have this closed"?

Don't be nervous about attacks, they are absolutely normal on public servers with open ports, because kiddies like to play.
 
Thanks,

I mean the port should be closed and open only to me but apparently I messed that up in the firewall.

I understand the attacks are just part of the game, but when they cause my server to crash or overload I get nervous.

I will see if I can adjust the jails again as they are filling up very fast now. I have 125 bans since early today.

Thanks again for the reply,
Rich
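
An added example, not part of the original thread: a small Python triage script for syslog lines in the two formats quoted above. It totals the messages rsyslog reports as dropped per logging pid and flags source IPs that open several FTP connections through xinetd in a short window. The sample lines, the hostname, the 203.0.113.x addresses and the `limit`/`window` defaults are constructed assumptions; the script counts connection starts, whereas Fail2Ban's `maxretry` counts failed logins.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same format as the log lines quoted in the thread
# (addresses are from the documentation range 203.0.113.0/24).
SAMPLE = """\
Dec 8 10:19:07 host rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:09 host rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting
Dec 8 10:19:15 host rsyslogd-2177: imuxsock lost 16 messages from pid 19177 due to rate-limiting
Dec 7 04:12:28 host xinetd[5173]: START: ftp pid=28508 from=::ffff:203.0.113.10
Dec 7 04:12:33 host xinetd[5173]: START: ftp pid=28512 from=::ffff:203.0.113.10
Dec 7 04:12:40 host xinetd[5173]: START: ftp pid=28530 from=::ffff:203.0.113.10
Dec 7 09:00:00 host xinetd[5173]: START: ftp pid=29001 from=::ffff:203.0.113.77
"""

LOST = re.compile(r"imuxsock lost (\d+) messages from pid (\d+)")
FTP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xinetd\[\d+\]: "
                 r"START: ftp pid=\d+ from=(?:::ffff:)?(\S+)")

def lost_per_pid(text):
    """Sum the messages rsyslog reports as dropped, keyed by the logging pid."""
    totals = Counter()
    for count, pid in LOST.findall(text):
        totals[pid] += int(count)
    return dict(totals)

def ftp_bursts(text, limit=3, window=timedelta(seconds=60)):
    """Return source IPs that opened >= limit FTP connections within window."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = FTP.match(line)
        if m:
            # Syslog timestamps carry no year; a fixed one is enough for deltas.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(ts)
    flagged = []
    for ip, times in seen.items():
        times.sort()
        # Sliding check: the i-th and (i+limit-1)-th connection inside window.
        if any(times[i + limit - 1] - times[i] <= window
               for i in range(len(times) - limit + 1)):
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print("dropped per pid:", lost_per_pid(SAMPLE))
    print("FTP burst sources:", ftp_bursts(SAMPLE))
```

The pid with the highest dropped total is the process flooding the log socket, so it is the one to inspect first.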
 