tkalfaoglu
Silver Pleskian
Hi there. I recently discovered some attacks that are connecting to a TCP port on the server, which it turns out is a virus planted into a few WordPress sites.
Apart from cleaning this mess up, I also wrote some iptables rules to permit connections only to wanted ports and block everything else; I put them in /etc/rc.local.
I do NOT have the Plesk firewall enabled, but I do have fail2ban running.
However, the rules in rc.local override fail2ban right now. I mean, something like:
iptables -A INPUT -i eth0 -p tcp --destination-port 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j ACCEPT
(....)
iptables -A INPUT -i eth0 -p tcp -j DROP
in rc.local overrides fail2ban, and fail2ban cannot do its work; that is, all port 25 and 80 accesses are permitted even if fail2ban bans them.
What do you suggest I do?
Many thanks, -turgut
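iptables walks a chain from the top and stops at the first rule with a terminating target, so a fail2ban jump only has an effect when it sits above the ACCEPT rule for the same port. The following is an added example, not part of the original post, that checks this order in `iptables -S INPUT` output; the sample listing is constructed, the jail names `f2b-ssh` and `f2b-apache` are hypothetical, and the `f2b-*` / `fail2ban-*` chain prefixes are assumed from fail2ban's default naming.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Reads `iptables -S INPUT` output on stdin and prints one line for each
# fail2ban jump that sits below an ACCEPT rule naming the same TCP port.
# Assumption: fail2ban chains use its default names, f2b-* or fail2ban-*.
# Only explicit single ports and comma lists are compared, not port ranges.
shadowed_f2b_jumps() {
    awk '
    function field_after(flag_re,   i) {   # value following a matching flag
        for (i = 1; i < NF; i++)
            if ($i ~ flag_re) return $(i + 1)
        return ""
    }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = field_after("^-j$")
        ports  = field_after("^--(dports?|destination-ports?)$")
        n = split(ports, p, ",")
        if (target == "ACCEPT") {
            for (k = 1; k <= n; k++) { accepted[p[k]] = 1; seen++ }
        } else if (target ~ /^(f2b|fail2ban)-/) {
            if (n == 0 && seen)
                printf "all ports: %s is below an ACCEPT rule\n", target
            for (k = 1; k <= n; k++)
                if (p[k] in accepted)
                    printf "port %s: %s is below its ACCEPT rule\n", p[k], target
        }
    }'
}

# Constructed sample listing: the ACCEPT rules from the post sit above a
# hypothetical fail2ban jump, and a second jump sits above everything.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
-A INPUT -i eth0 -p tcp -j DROP
EOF
}

sample_rules | shadowed_f2b_jumps
# On a live host: iptables -S INPUT | shadowed_f2b_jumps
```

An empty result means no fail2ban jump was found below an ACCEPT rule for a port it covers.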