• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Resolved plesk wordpress jail flaw

Dork

Dork

Regular Pleskian
Server operating system version
CentOS 7
Plesk version and microupdate number
Plesk Obsidian Version 18.0.52 Update #3
The wordpress jail treats a perl script as a wordpress object
 
The Wordpress jail reacts on failed Wordpress logins. If your Perl script is named like the Wordpress login and shows a similar behavior then yes, the jail will react.
 
Peter Debik said:
The Wordpress jail reacts on failed Wordpress logins. If your Perl script is named like the Wordpress login and shows a similar behavior then yes, the jail will react.
Click to expand...
But Perl files use the extension pl and PHP files the extension php
 
I assume you mean the fail2ban jail?

The Wordpress fail2ban filter should (by default) not act on anything other than post requests to a file named wp-login.php. That being said, it depends on what your Perl script does. If it's action matches the fail2ban filter it is possible that the jail gets triggerd.

Post your fail2ban Wordpress rule and filter and an excerpt that contains access entries of the perl script from the access log if you want me to take a more in dept look.
 
Kaspar said:
I assume you mean the fail2ban jail?

The Wordpress fail2ban filter should (by default) not act on anything other than post requests to a file named wp-login.php. That being said, it depends on what your Perl script does. If it's action matches the fail2ban filter it is possible that the jail gets triggerd.

Post your fail2ban Wordpress rule and filter and an excerpt that contains access entries of the perl script from the access log if you want me to take a more in dept look.
Click to expand...
Thanks for your explaination.
It is always a get request and the f2b action came as a result of the http error code 504 (line of the errorlog file)
So I think that I can forget it.
 
You must log in or register to reply here.

Similar threads

brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
2K
Maarten
M
Dork
Question The new plesk jail
Replies
3
Views
611
Dork
Dork
R
Issue Wordpress sites not loading - message Unresponsive
Replies
3
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
S
Issue Filter for plesk-wordpress jail does not work, any ideas?
Replies
1
Views
846
AYamshanov
AYamshanov
Fran Silva
Resolved Avoid installing WordPress when migrating a subscription from another Plesk
Replies
6
Views
1K
Fran Silva
Fran Silva
Back
Top