Problem with latest Plesk 12 Update and IP Tables

[Illiminator31]

Hello,
i have a really bad Problem since one of the latest Plesk Updates. When the PSA Service is running it goes nuts and banning all IP Adresses who try to connect to the service (as you can see in the Screen Attachment).
I think it is maybe Fail2Ban, the Problem is that the Command fail2ban-client stop (which is the command to stop it) dont work via SSH.
As soon as i stop the PSA Service and flush my IP Tables via Script they are clean. But when i start my PSA Service again, the Banning starts.
Is it Possible that it has Something to do with Dr.Webd?. When i start PSA it says Failed when he starting this Process (drwebd).
If searched the Forum and the Internet but cant really find a Suitable Topic or something like that, what describes my Problem.

I didnt change something by the way: This Problem occured short after a Automatic Update (I´ve got a Email where plesk tells me that a Update was installed).

Hopefully someone can Provice Assistance, cause i need my Mailserver to run as soon as possible.

Walter

 

[UFHH01]

Hi Illiminator31,

the command to stop fail2ban over SSH is: service fail2ban stop ( or /etc/init.d/fail2ban stop )
To start fail2ban, you will use the command: service fail2ban start ( or /etc/init.d/fail2ban start )

If you have errors or failures with a service, you will always have depending log - files, where you might have a look at, to investigate issues. Please bookmark:

Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

... to make sure, that you always find relevant paths for investigations. If you need help with investigations, please make sure to post depending error - logs entries and try to include as well operating system and current Plesk version ( incl. MUs ).

If you post as well the depending configuration files, it is far easier for people willing to help you, because we don't have to guess, what might be a cause.

 

[Illiminator31]

Hi
i´ve checked my Plesk and have seen that fail2ban is not installed on my System. Tought it would be f2b but thats not the reasone

I have put all logs together in one file, it is attached.

My System is Debian 7.3 Wheezy, My Plesk ist Plesk version:12.0.18 Update #30

When i checked the Logs (f.e Message.log etc) i have seen that most of them get not Updated and some are Empty. I´ve then checked my syslog and have seen that it has a Problem atm.

ps ax | grep syslog says:
7445 pts/0 S+ 0:00 grep syslog

When i use :
service rsyslog status

There is no response, same as with service rsyslog start

Im not sure why its not running and restarting dont change it. I checked the Init Script but that works. I´ve already contacted the Server Support and the look why syslog is not running. They Provide Basic Support (f.e why syslog not running) but no Support for Plesk.


Not sure if you can see from the Logs attached what it was.

Additional Information: I´ve had recently Problems with DDOS Attacks and Attacks and therefore i´ve tryed a Solution with CSF (Config Server Firewall) but Discovered that it dont work with Plesk. Is it maybe CSF what is banning all the IPs?.

btw: After i restarted the PSA Service 5 or 6 Times it now has Stopped. Was the Same last Time, but then it started again today. In Case the Logs dont help, would it be possible that we exchange Skype or Teamviewer and you may get Access to my Server and take a look by yourselfe?.

Lg

 

[UFHH01]

Hi Illiminator31,

first: I'm not a Parallels team member. I'm just trying to help people here in the forums, you might call it "solidarity help". I'm as well not providing any "personal" support here in the forums - I do this for the community and in threads.


The command "iptables -F" would "flush" all rules. To list all possible commands, please use the string "--help" ( -h ) => "iptables -h".

Plesk is just a help for system administrators, but it doesn't replace them completely. Plesk doesn't manage your operating system, it relies on the operating system and your very own package installations on your box. If you install an additional firewall, you have to configure it on your own - if you configure such an additional firewall wrong, you sure will have issues/problems. Consider uninstalling it completely from your system and use fail2ban instead, which is as well configurable over the Plesk Control Panel.

 

[Illiminator31]

Hi,
yea ok thanks for the help. Tought "Product Expert" means something like Team Member .

I´ve never Installed CSF cause i read on a few Forums that it will not work so good with Plesk what so ever.

I´ve now found the Problem:
1) I´ve checked my syslog Conf File and have seen that one of my Partners had made some additions and made a little Syntax mistake at 2 Points. So now my Logging runs again fine.

I will check the Logs again if the IPtables Thing happen again. Btw: I´ve already have a s.sh for that. Its simply a Flushing Script for my iptables, so know that.

Have a nice day