Question Was someone trying to brute force?

kek

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.59
Hi, I checked the Log Settings from Tools and Settings and got this under "System" tab:


Was someone trying to get in?
 
Sure, but that's just normal. Make sure you have the Fail2Ban jails activated so that brute-forcing won't succeed.
 
I actually have Plesk's web application firewall turned off, but does turning it off also turn off Fail2Ban?
 
WAF and Fail2Ban are independent and different things. Go to Tools & Settings > Security > IP Address Banning (Fail2Ban) to configure Fail2Ban.
 
"Enable Intrusion Detection" is enabled.

Another thing: what do I keep an eye on in the Plesk dashboard and monitor in case someone continuously floods the server?

How do I know if there is a sudden increase in resources like CPU consumption in case something is down or someone is trying to attack?
 
@kek,

In all honesty, you should simply block specific ports for the sake of security.

For instance, if you are the sysadmin and the only one required to access SSH, then use Plesk Firewall Extension to allow you access and block ALL OTHERS.

For instance, if you see any (really) suspicious activity in Fail2Ban, then permanently block the offending IPs - not via Fail2Ban, but with the Plesk Firewall AND by means of Nginx or Apache blacklist AND by means of the hosts.deny file.

It is essential that you block any offending traffic, originating from a repetitively offending IP, on ALL server levels ... and that you ban them longer as the number of offending requests (from an offending IP) increases - in the long run, you will ban a considerable number of IPs permanently: that is good!

I hope the above helps a bit.

Kind regards....
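
The advice in the last reply (longer bans for repeat offenders, permanent blocks at more than one layer) sketched as an added example that is not part of the original thread: it counts Ban events per IP in a Fail2Ban log and emits hosts.deny and nginx deny entries. The log sample, jail names, threshold, base ban time, cap and allowlist address are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the fail2ban.log "Ban" line format (documentation IP ranges).
SAMPLE_LOG = """\
2024-03-01 02:11:07,412 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2024-03-01 02:25:40,118 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.7
2024-03-01 04:02:13,530 fail2ban.actions [812]: NOTICE [plesk-panel] Ban 203.0.113.7
2024-03-02 09:44:51,004 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.23
2024-03-03 17:30:02,871 fail2ban.actions [812]: NOTICE [plesk-postfix] Ban 203.0.113.7
2024-03-04 11:05:19,266 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.10
"""

BAN_RE = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$")

def count_bans(log_text):
    """Count Ban events per source IP, skipping anything that is not a valid address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group("ip")))] += 1
        except ValueError:
            continue  # never copy unparsed log text into a config file
    return counts

def ban_seconds(ban_count, base=600, cap=30 * 86400):
    """Ban length doubles with each repeat ban; base and cap are assumed values."""
    return min(base * 2 ** (ban_count - 1), cap)

def permanent_block_lines(counts, threshold=3, allowlist=()):
    """Build hosts.deny and nginx deny entries for IPs banned at least threshold times."""
    offenders = sorted(ip for ip, n in counts.items()
                       if n >= threshold and ip not in allowlist)
    return {
        "hosts.deny": [f"ALL: [{ip}]" if ":" in ip else f"ALL: {ip}" for ip in offenders],
        "nginx": [f"deny {ip};" for ip in offenders],
    }

if __name__ == "__main__":
    bans = count_bans(SAMPLE_LOG)
    for ip, n in bans.most_common():
        print(f"{ip}: {n} ban(s), next ban {ban_seconds(n + 1)} s")
    for target, lines in permanent_block_lines(bans, allowlist={"192.0.2.10"}).items():
        print(target, lines)
```

Put your own management address in the allowlist before applying any generated entries, so a mistyped password cannot lock you out of the server.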