
Plesk12 with high security risk!?

Azurel

Silver Pleskian
"Security" is maybe not the exact term. Here is a big problem with Plesk and nginx!

I reported this for Plesk 11.5, and Plesk 12 has this problem too. Nginx does not send the correct visitor IP. I have heavy traffic and CPU load from an attacker and can't point out which IP caused this problem, because I see only my own IPv6 as the culprit. Plesk helps attackers here to hide attacks. Not the best choice.

# netstat -plan | grep :80 | awk '{print $5}' | rev | cut -d: --complement -f1 | rev | sort | uniq -c | sort -nk 1
24 87.143.80.*
29 72.46.133.*
32 146.52.212.*
40 72.46.134.*
679 2a01:SERVER-IP

# awk -vDate=`date -d'now-2 hours' +[%d/%b/%Y:%H:%M:%S` ' { if ($4 > Date) print $1}' access_log | sort |uniq -c |sort -n | tail
.....
4835 157.55.*.*
4891 178.154.*.*
4964 37.140.*.*
5187 207.46.*.*
55305 2a01:SERVER-IP

# awk -vDate=`date -d'now-2 hours' +[%d/%b/%Y:%H:%M:%S` ' { if ($4 > Date) print $1}' proxy_access_log | sort |uniq -c |sort -n | tail
.....
2543 91.64.*.*
2666 87.123.*.*
2676 217.190.*.*
3059 82.83.*.*
55251 2a01:SERVER-IP

What can I do now to identify the attacker's IP for banning? Any help is appreciated. My server is getting slower and slower....
 
Thanks, but that is no good solution for customers. That doesn't help so much, because Plesk says:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

Is there no tutorial from Parallels to fix this annoying problem?

My server hoster fixed this in Plesk 11.5 for me, but for version 12 he said that a fix is not possible anymore.
 
@Azurel,

I strongly suggest installing the Fail2Ban module and setting a proper jail and corresponding filter, by preference a custom jail with custom filters.

The main advantage of this approach is that (mostly) attackers will give up in case of a (temporary) IP ban by Fail2Ban.

Furthermore, this approach will give you easy insight into "bad" IPs being used for "attacks", hence allowing you to set up the firewall (i.e. creating a permanent IP block).

Kind regards....
 
@Azurel,

It is not necessary to have a thorough knowledge of Fail2Ban: activate all jails, the settings "out-of-the-box" are very reasonable.

The only things that should optionally be adjusted are

- the trusted IP addresses: add your own standard IP,
- the ssh jail: the number of attempts should be minimized to 2.

Furthermore, to make ssh safe, modify the firewall rules and add an "allow, deny all others" rule for the standard IP you are using (in order to allow access for you only).

Kind regards....
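
As an added example (not code from any poster in this thread), the per-address count from the first post can be done by parsing each timestamp instead of comparing it as a string, so the two-hour window still holds across a day or month boundary, and by excluding the server's own address so the proxied hits do not bury real clients. It assumes combined-format lines such as those in proxy_access_log; `top_clients`, the sample lines and the documentation-range addresses are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined log format: client address first, timestamp inside [...]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def top_clients(lines, now, window=timedelta(hours=2), own_addrs=(), threshold=3):
    """Return [(ip, hits)] for clients with >= threshold requests in the window."""
    cutoff = now - window
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line, ignore
        ip, stamp = m.groups()
        try:
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparseable timestamp, ignore
        if when < cutoff or ip in own_addrs:
            continue  # too old, or the server talking to itself
        hits[ip] += 1
    return [(ip, n) for ip, n in hits.most_common() if n >= threshold]

def _line(ip, stamp):
    # Helper that builds one constructed combined-format log line.
    return f'{ip} - - [{stamp} +0200] "GET / HTTP/1.1" 200 512'

# Constructed sample: 2001:db8::1 stands in for the server's own IPv6 address.
SAMPLE_LOG = (
    [_line("2001:db8::1", "31/Jul/2014:23:50:00")] * 4
    + [_line("203.0.113.7", s) for s in (
        "31/Jul/2014:20:00:00",   # outside the two-hour window
        "31/Jul/2014:23:55:00",
        "01/Aug/2014:00:05:00",   # next month, still inside the window
        "01/Aug/2014:00:10:00")]
    + [_line("198.51.100.9", "01/Aug/2014:00:07:00"), "garbage line"]
)
NOW = datetime(2014, 8, 1, 0, 30, tzinfo=timezone(timedelta(hours=2)))

if __name__ == "__main__":
    for ip, n in top_clients(SAMPLE_LOG, NOW, own_addrs={"2001:db8::1"}):
        print(n, ip)
```

Addresses that cross the threshold are the candidates for a Fail2Ban jail or a firewall rule as suggested in the replies above.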
 