• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Was someone trying to brute force?

K

kek

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.59
Hi, I checked the Log Settings from Tools and Settings and got this under "System" tab:

https://imgur.com/qSSnR2A

Was someone trying to get in?
 
Sure, but that's just normal. Make sure you have the Fail2Ban jails activated so that brute-forcing won't succeed.
 
Peter Debik said:
Sure, but that's just normal. Make sure you have the Fail2Ban jails activated so that brute-forcing won't succeed.
Click to expand...
I actually have Plesk's web application firewall turned off but does turning it off also turns off fail2ban ?
 
WAF and Fail2Ban are independent and different things. Go to Tools & Settings > Security > IP Address Banning (Fail2Ban) to configure Fail2Ban.
 
Peter Debik said:
WAF and Fail2Ban are independent and different things. Go to Tools & Settings > Security > IP Address Banning (Fail2Ban) to configure Fail2Ban.
Click to expand...
"Enable Intrusion Detection" is enabled.

Another thing, what do I keep an eye on in the plesk dashboard and monitor in case someone continuously floods the server?

How do I know if there is a sudden increase in resources like CPU consumption in case something is down or someone is trying to attack?
 
kek said:
"Enable Intrusion Detection" is enabled.

Another thing, what do I keep an eye on in the plesk dashboard and monitor in case someone continuously floods the server?

How do I know if there is a sudden increase in resources like CPU consumption in case something is down or someone is trying to attack?
Click to expand...

@kek,

In all honesty, you should simply block specific ports for the sake of security.

For instance, if you are the sysadmin and the only one required to access SSH, then use Plesk Firewall Extension to allow you access and block ALL OTHERS.

For instance, if you see any (really) suspicious activity in Fail2Ban, then permanently block the offending IPs - not via Fail2Ban, but with the Plesk Firewall AND by means of Nginx or Apache blacklist AND by means of the hosts.deny file.

It is essential that you block any offending traffic, originating from a repetitively offending IP, on ALL server levels ...... and that you ban them longer as the number of offending requests (from an offending IP) increase - in the long run, you will ban a considerable number of IPs permanently : that is good!

I hope the above helps a bit.

Kind regards....
 
  • Like
Reactions: kek
You must log in or register to reply here.

Similar threads

brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
520
Maarten
M
K
Question Mail accounts simply missing
Replies
2
Views
560
Kaspar@Plesk
Kaspar@Plesk
EnriqueR
Resolved Problem when migrating subscription. Unhashable type list
Replies
8
Views
680
abdulsemiu
A
T
Resolved Spamassassin not working?
Replies
4
Views
957
TauTaude
T
E
Issue Plesk API / Commands
Replies
1
Views
177
Kaspar
K
Back
Top