• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Plesk with fail2ban with Apache error log.

A

Alexey_Shpak

Basic Pleskian
Hello.

We used plesk 10.3.1, and want to use fail2ban for apache error log.
I tried install fail2ban by myself and config it : this is config

[apache-tcpwrapper]

enabled = true
filter = apache-auth
action = hostsdeny
logpath = /var/log/httpd/error_log
maxretry = 5
bantime = 10

and

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=root, [email protected]]
logpath = /var/log/secure
maxretry = 5
bantime = 40000



this is filter for apache-auth:

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = [[]client <HOST>[]] user .* authentication failure
[[]client <HOST>[]] user .* not found
[[]client <HOST>[]] user .* File does not exist
[[]client <HOST>[]] user .* password mismatch

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =


But i saw big number of fail message in error_log, which tried for one ip adress:

[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:05 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:06 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:06 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:06 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:06 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:06 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:06 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:06 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann
[Fri Nov 11 10:03:07 2011] [error] [client 86.57.157.190] File does not exist: /var/www/vhosts/default/htdocs/ann


And this IP not baned.

I baned this ip with plesk-firewall.

And another question.

If I installfail2ban on debian, I may saw this:

:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -j RETURN

But on CentOS (when we installed Plesk) I can't saw this message, I only saw plesk-firewall rules.

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with tcp-reset
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT


What the problem?

Sorry for my English.
 
Hi,

I'm afraid I know little to nothing about fail2ban, we use a different solution called BFD (from Scott at rfxn Networks), however I know a little about apache and tcpwrappers, and you can't use tcpwrappers to ban IPs from Apache.

Tcpwrappers works by adding the failing IPs to the /etc/hosts.deny file, and this is read by any applications using tcpwrappers (It'll work for proftpd and sshd) but Apache isn't one of them.

You would need to use iptables type banning for apache (like you have with sshd). However I would be careful, we have seen situations where search crawlers have been banned because of badly set up vhosts / websites.

Paul.
 
Do you see the fail2ban rules after entering #iptables -L ?

They should start with:
Code: 
Chain fail2ban
 
You must log in or register to reply here.

Similar threads

meymigrou
Issue Unable to backup WordPress site in Plesk "Backup created with minor issues occurred"
Replies
3
Views
259
Sebahat.hadzhi
Sebahat.hadzhi
andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
595
andreios
andreios
S
Issue Filter for plesk-wordpress jail does not work, any ideas?
Replies
1
Views
354
AYamshanov
AYamshanov
T
Apache2 ModSec Error - Apache2 fails to start and AH00111 error
Replies
1
Views
1K
Peter Debik
P
S
Resolved Problem tuning fail2ban
Replies
5
Views
9K
nisamudeen97
nisamudeen97
Back
Top