• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Was someone trying to brute force?

K

kek

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.59
Hi, I checked the Log Settings from Tools and Settings and got this under "System" tab:

https://imgur.com/qSSnR2A

Was someone trying to get in?
 
Sure, but that's just normal. Make sure you have the Fail2Ban jails activated so that brute-forcing won't succeed.
 
Peter Debik said:
Sure, but that's just normal. Make sure you have the Fail2Ban jails activated so that brute-forcing won't succeed.
Click to expand...
I actually have Plesk's web application firewall turned off but does turning it off also turns off fail2ban ?
 
WAF and Fail2Ban are independent and different things. Go to Tools & Settings > Security > IP Address Banning (Fail2Ban) to configure Fail2Ban.
 
Peter Debik said:
WAF and Fail2Ban are independent and different things. Go to Tools & Settings > Security > IP Address Banning (Fail2Ban) to configure Fail2Ban.
Click to expand...
"Enable Intrusion Detection" is enabled.

Another thing, what do I keep an eye on in the plesk dashboard and monitor in case someone continuously floods the server?

How do I know if there is a sudden increase in resources like CPU consumption in case something is down or someone is trying to attack?
 
kek said:
"Enable Intrusion Detection" is enabled.

Another thing, what do I keep an eye on in the plesk dashboard and monitor in case someone continuously floods the server?

How do I know if there is a sudden increase in resources like CPU consumption in case something is down or someone is trying to attack?
Click to expand...

@kek,

In all honesty, you should simply block specific ports for the sake of security.

For instance, if you are the sysadmin and the only one required to access SSH, then use Plesk Firewall Extension to allow you access and block ALL OTHERS.

For instance, if you see any (really) suspicious activity in Fail2Ban, then permanently block the offending IPs - not via Fail2Ban, but with the Plesk Firewall AND by means of Nginx or Apache blacklist AND by means of the hosts.deny file.

It is essential that you block any offending traffic, originating from a repetitively offending IP, on ALL server levels ...... and that you ban them longer as the number of offending requests (from an offending IP) increase - in the long run, you will ban a considerable number of IPs permanently : that is good!

I hope the above helps a bit.

Kind regards....
 
  • Like
Reactions: kek
You must log in or register to reply here.

Similar threads

T
Resolved Spamassassin not working?
Replies
4
Views
392
TauTaude
T
C
Issue Brute Force Attack - Postfix - Mail
Replies
3
Views
664
mow
M
Powie
Issue Bad Gateway - nginx - IPv6 only
Replies
2
Views
183
Powie
Powie
C
Issue Performance booster not showing under domains > dev tools
Replies
6
Views
502
Peter Debik
P
PeopleInside
Question Sophos Anti-Virus for Servers can now be installed via Plesk but how to use?
Replies
0
Views
139
PeopleInside
PeopleInside
Back
Top