
Stopping Brute Force Attacks

DanTron

New Pleskian
After having a new MediaTemple (dv) 4.0 [Plesk 10.1.1] for less than a week my log files were being filled with ssh, ftp, pop3, imap, failed login attempts from IP addresses in China, Portugal, etc.

Brute Force attacks are becoming more and more common, yet Plesk 10 has no security against such attacks. Using strong passwords is a good idea but I can't enforce it for EVERY user and client... clients throw a hissy fit when they have to remember passwords like Fb*@<['-7e^( 8f

I've taken the next step and installed fail2ban to scan log files and ban IP addresses that are hammering my server.
I've got it working scanning the /var/log/secure file for failed sshd and proftpd attempts BUT

I can't find where the Plesk Admin Panel stores its log of failed attempts. I want to ban IPs that may try to brute force the Admin Panel.

1) Where does Plesk store logs for the Admin Panel?

2) WHY is there not a system already in Plesk to help with this MAJOR issue?
There should be a fail2ban equivalent in Plesk with email notification to the system admin when someone is trying to hack their system.

Any help is greatly appreciated.
Cheers
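
Added example, not part of the original post and not fail2ban's own code: a minimal Python sketch of the maxretry/findtime counting that a log-scanning banner applies to sshd and proftpd failures in `/var/log/secure`. The log lines, IP addresses, year and function name are constructed for illustration, and unlike fail2ban, which counts per jail, this sketch pools both services per IP.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of /var/log/secure (not taken from the thread).
SAMPLE = """\
Mar  3 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:00:04 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar  3 10:00:09 host proftpd[2110]: host (203.0.113.7[203.0.113.7]) - USER web1 (Login failed): Incorrect password.
Mar  3 10:01:30 host sshd[2120]: Accepted password for dan from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:00 host sshd[2125]: Failed password for dan from 198.51.100.20 port 51011 ssh2
Mar  3 10:20:00 host proftpd[2200]: host (192.0.2.55[192.0.2.55]) - USER web1 (Login failed): Incorrect password.
Mar  3 10:45:00 host proftpd[2300]: host (192.0.2.55[192.0.2.55]) - USER web1 (Login failed): Incorrect password.
Mar  3 11:10:00 host sshd[2400]: Failed password for web1 from 192.0.2.55 port 42000 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILURES = [  # one pattern per service; group 1 is the client address
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IP),
    re.compile(r"proftpd\[\d+\]: \S+ \(\S+\[" + IP + r"\]\).*\(Login failed\)"),
]

def find_offenders(text, maxretry=3, findtime=600, year=2011):
    """Return {ip: time of the failure that reached maxretry within findtime seconds}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in text.splitlines():
        hit = next((m for m in (p.search(line) for p in FAILURES) if m), None)
        if not hit:
            continue              # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is assumed (constructed default).
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        q = recent[hit.group(1)]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures older than findtime
        if len(q) >= maxretry and hit.group(1) not in banned:
            banned[hit.group(1)] = when
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"would ban {ip} at {when}")
```

With the defaults only 203.0.113.7 crosses the threshold; 192.0.2.55 spaces its three failures 25 minutes apart and is caught only when `findtime` is widened, which is the trade-off to weigh when tuning the window.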
 
I asked the same question a while ago with Plesk 9.5.

It seems Plesk blocks failed admin logins after 5 attempts. I never got told for how long, though :-(
Hope that still applies..


Now I have switched to Plesk 10, I just really would like to use fail2ban on ssh, ftp and mail.
 
Dan,
Where did you find the info on failed blocked attempts within Plesk?
I've tested Plesk 10.1.1 and it isn't blocking anything after any number of failed attempts... :-(
I'm trying to find a way to get fail2ban to also block failed login attempts against the Plesk Admin Panel but I can't find where Plesk stores the log files for that. :-/

Someone else has pointed me in the direction of
CSF http://configserver.com/cp/csf.html

or

APF http://www.rfxn.com/projects/advanced-policy-firewall/

which apparently have better Plesk integration than fail2ban...

I'm going to look into it.
 
Here's the thread where Igor replies with the 5 attempts block:

http://forum.parallels.com/showthread.php?t=107246

But this is for Plesk 9.5, and Igor usually is the man who knows what he is talking about..

But stupid me, I never tested it...

But I'm hiring a Linux pro later on today or tomorrow to set up fail2ban for most of the failed logins, so I will keep you posted on what he says.
 
fail2ban does nothing for me, I keep getting pounded by this US IP and it's brute forcing Control Panel, it's way over 5 attempts and it's still not banning the attempts... I don't understand
 
Daryl,
fail2ban is more than a bit tricky to set up properly.

Where are you finding the log files showing the attempts against the Plesk Control Panel?

Also, have you thought about reporting the IP? Typically it's a hacked computer and the owners don't know it's been hacked until you report it.
 