
Plesk Server Crash and other issues

Richieboydev

Basic Pleskian
Hey everyone,

I had a crash the other night, the first one in months. I have also been having my Plesk Server shut down almost nightly.

Today right now I see hundreds if not thousands of these

Dec 8 10:19:07 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:09 talkdevelopment rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting
Dec 8 10:19:14 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:15 talkdevelopment rsyslogd-2177: imuxsock lost 16 messages from pid 19177 due to rate-limiting
Dec 8 10:19:20 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:21 talkdevelopment rsyslogd-2177: imuxsock lost 42 messages from pid 19177 due to rate-limiting
Dec 8 10:19:35 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:43 talkdevelopment rsyslogd-2177: imuxsock lost 393 messages from pid 19177 due to rate-limiting
Dec 8 10:19:45 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:50 talkdevelopment rsyslogd-2177: imuxsock lost 205 messages from pid 19177 due to rate-limiting
Dec 8 10:19:54 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:19:56 talkdevelopment rsyslogd-2177: imuxsock lost 96 messages from pid 19177 due to rate-limiting
Dec 8 10:19:59 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:03 talkdevelopment rsyslogd-2177: imuxsock lost 231 messages from pid 19177 due to rate-limiting
Dec 8 10:20:13 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:15 talkdevelopment rsyslogd-2177: imuxsock lost 97 messages from pid 19177 due to rate-limiting
Dec 8 10:20:19 talkdevelopment rsyslogd-2177: imuxsock begins to drop messages from pid 19177 due to rate-limiting
Dec 8 10:20:24 talkdevelopment rsyslogd-2177: imuxsock lost 69 messages from pid 19177 due to rate-limiting



But what scared me earlier was these

Dec 7 03:43:56 talkdevelopment rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="3281" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Dec 7 04:12:28 talkdevelopment xinetd[5173]: START: ftp pid=28508 from=::ffff:58.254.168.10
Dec 7 04:12:28 talkdevelopment proftpd[28508]: processing configuration directory '/etc/proftpd.d'
Dec 7 04:12:32 talkdevelopment proftpd[28508]: REMOVED (58.254.168.10[58.254.168.10]) - FTP session opened.
Dec 7 04:12:33 talkdevelopment proftpd[28508]: REMOVED (58.254.168.10[58.254.168.10]) - FTP session closed.
Dec 7 04:12:33 talkdevelopment xinetd[5173]: EXIT: ftp status=0 pid=28508 duration=5(sec)
Dec 7 04:12:33 talkdevelopment xinetd[5173]: START: ftp pid=28512 from=::ffff:58.254.168.10
Dec 7 04:12:33 talkdevelopment proftpd[28512]: processing configuration directory '/etc/proftpd.d'
Dec 7 04:12:34 talkdevelopment proftpd[28512]: 74.208.174.18 (58.254.168.10[58.254.168.10]) - FTP session opened.
Dec 7 04:12:35 talkdevelopment proftpd[28512]: ###### (58.254.168.10

I removed my IP. Is someone attacking my FTP? I should have this closed and also be protected by fail2ban. I am really nervous about this.

Can anyone please share some insight?

Thanks so much,
Rich
 
Hi Richieboydev,

for your first issue, please read this article:


For your second issue, be aware that Fail2Ban only bans failed login attempts after a defined amount in your configuration - let's say you have defined a pre-defined Plesk jail "plesk-proftpd", then it should be "maxretry = 5", after which failed login attempts are banned per IP.

What do you mean, when you write "I should have this closed" ?

Don't be nervous about attacks, they are absolutely normal on public servers with open ports, because kiddies like to play.
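
Added example, not part of the posts above and not Fail2Ban's own code: a simplified Python model of the "maxretry = 5" behaviour described in the reply, showing that only failed logins inside the counting window lead to a ban, while sessions that merely open and close are never counted. The 600-second window, the regular expression, the year 2000 placeholder and all sample log lines and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                       # value quoted in the reply above
FINDTIME = timedelta(seconds=600)  # assumption: counting window, not stated on the page

# Simplified matcher for ProFTPD "Login failed" lines (not fail2ban's shipped filter;
# other failure messages such as unknown-user errors are ignored here).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[\d+\]: \S+ "
    r"\((?P<ip>[^\[\]]+)\[[^\]]+\]\)\s+- USER \S+ \(Login failed\)"
)

def would_ban(lines):
    """Return {ip: time of ban} for IPs reaching MAXRETRY failures within FINDTIME."""
    recent = defaultdict(deque)    # per-IP timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue               # not a failed login, or already banned
        # Syslog lines carry no year; 2000 is a placeholder so strptime can parse.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()       # forget failures older than the window
        if len(window) >= MAXRETRY:
            banned[m["ip"]] = ts
    return banned

def _fail(hms, ip):
    # Constructed sample line in ProFTPD's syslog layout.
    return (f"Dec 7 {hms} host proftpd[4242]: 192.0.2.1 ({ip}[{ip}])"
            " - USER admin (Login failed): Incorrect password")

SAMPLE = (  # constructed input, documentation-range addresses
    ["Dec 7 04:12:00 host proftpd[4241]: 192.0.2.1 (192.0.2.55[192.0.2.55]) - FTP session opened.",
     "Dec 7 04:12:01 host proftpd[4241]: 192.0.2.1 (192.0.2.55[192.0.2.55]) - FTP session closed."]
    + [_fail(f"04:12:{30 + i:02d}", "203.0.113.7") for i in range(5)]   # 5 failures in 5 s
    + [_fail(f"05:{3 * i:02d}:00", "198.51.100.9") for i in range(5)]   # 5 failures over 12 min
)

if __name__ == "__main__":
    for ip, when in would_ban(SAMPLE).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

In this model a client that spaces its attempts wider than the window, or that only opens and closes sessions, never reaches the threshold, which is why restricting the FTP port in the firewall remains the stronger control.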
 
Thanks,

I mean the port should be closed and open only to me but apparently I messed that up in the firewall.

I understand the attacks are just part of the game, but when they cause my server to crash or overload, I get nervous.

I will see if I can adjust the jails again as they are filling up very fast now. I have 125 bans since early today.

Thanks again for the reply,
Rich
 