Facebook
Twitter
markcarsonboxz
New Pleskian
I like to keep an eye on things on the server, particularly log files.
In the /usr/local/psa/admin/logs/httpsd_access_log file in my installation, I have 1000s of the following:
I'm not particularly concerned that there is an effort to attempt to brute-force the admin password for Plesk, since it seems there is one attempt every 3 minutes. My password is not in any dictionary as I have made a determined attempt at producing a very strong password that takes around 5mins for me to calculate using an equation.
Anyway, if in about 500 years, the beast gets my password, it will undoubtedly discover that his ip cannot get in (at least I hope so)
It is just annoying that, no matter how much is done to prevent this kind of hacking attempt, it just keeps re-appearing! Is there anything I can do to prevent this current attempt?
(I am planning the upgrade of Plesk to 9.5.2)
_____________
Edit: 24 hours later with Plesk updated to 9.5.2, some additional iptables rules and modifications to sysctl and the attacks are still occurring; now with random passwords...
Is there anyone with any ideas as to how to at least find out the source ip, so this can be blocked at least to stop the log size increasing and with my recent changes to ossec, more emails...?
My VPS provider does not provide the facility within iptables to use LOG!!?? for whatever reason. I am researching other methods.
In the /usr/local/psa/admin/logs/httpsd_access_log file in my installation, I have 1000s of the following:
I'm not particularly concerned that there is an effort to attempt to brute-force the admin password for Plesk, since it seems there is one attempt every 3 minutes. My password is not in any dictionary as I have made a determined attempt at producing a very strong password that takes around 5mins for me to calculate using an equation.
Anyway, if in about 500 years, the beast gets my password, it will undoubtedly discover that his ip cannot get in (at least I hope so)
It is just annoying that, no matter how much is done to prevent this kind of hacking attempt, it just keeps re-appearing! Is there anything I can do to prevent this current attempt?
(I am planning the upgrade of Plesk to 9.5.2)
_____________
Edit: 24 hours later with Plesk updated to 9.5.2, some additional iptables rules and modifications to sysctl and the attacks are still occurring; now with random passwords...
Is there anyone with any ideas as to how to at least find out the source ip, so this can be blocked at least to stop the log size increasing and with my recent changes to ossec, more emails...?
My VPS provider does not provide the facility within iptables to use LOG!!?? for whatever reason. I am researching other methods.
Last edited:
