Input Would you use a turnkey Plesk + CrowdSec extension? (gauging interest)

[BrunoA]

Server operating system version

Ubuntu 24.04.4 LTS

Plesk version and microupdate number

Plesk Obsidian 18.0.78.3

There are recurring threads here about running CrowdSec on Plesk, and about brute-force on the panel/webmail that Fail2Ban and the stock tools don't fully cover.

I've built a working Plesk + CrowdSec integration: custom parsers for the Plesk panel (8443/8880) and Roundcube webmail, plus the bouncer and auto-configuration. It's been running in production for ~2 months on a 34-domain server — ~5,000 attacks blocked (including ~2,150 .env and ~1,650 .git credential-theft probes), zero compromised sites.

Before deciding whether to release it as a proper extension, I'd like to gauge real interest. Would you use a turnkey Plesk + CrowdSec extension? Vote below, and feel free to comment what would matter most to you — per-domain controls, a managed blocklist, panel/webmail protection, pricing expectations, etc.

 

[presswizards]

I recently installed it via SSH and it's working great. Most of my client sites are behind Cloudflare, and I have mod_security enabled and some customized fail2ban bad-bot and WordPress rules, but one server has a large mix of older client sites, and kept getting hammered by bots still. Crowdsec is awesome, and was pretty easy to install and configure. It's blocking a ton of IPs based on the community lists, plus direct blocks based on the collections.

Then I was looking at cscli metrics and cscli decisions list, and decided to use Claude and cscli to create a little mini dashboard in PHP, separate from whatever the Crowdsec console provides, because I want something tighter and in one place, screenshot attached.

It'd be great to have a native Plesk extension, but I wouldn't pay for it unless it did something beyond the basics. I actually don't want per-domain controls, I like it to be server-wide as a strong foundational layer that I don't have to manage much.

 

[Kaspar]

CrowdSec is great and it definitely deserves a wider audience among the Plesk community. Although I have found CrowdSec to have a much steeper learning curve compared to fail2ban, its extensive feature set makes it a valuable security app. I really like that you're able to block/ban entire subnets as opposed to just single IPs for example. This kind of flexibility makes it a great competitor to fail2ban.

Creating a CrowdSec extension has been on my to-do list for a while as well, but, as with so many things, I haven't gotten around to doing so. My intention was to mainly create an extension to show/display actions and bans (decisions). Like what @presswizards has done with his custom dashboard. I would consider myself skilled enough to manually configure CrowdSec, so this wasn't on my feature list. But like I said, it has a steep learning curve and I think many users would appreciate an extension that helps them setup and configure CrowdSec.

 

[Maarten]

I've been using CrowdSec on my servers for years and have been very happy with it.

One thing to keep in mind is that CrowdSec is quite a bit more complex than Fail2Ban, which is what most Plesk administrators are familiar with. It's not something you can simply install and fully understand in an afternoon. There are multiple components, collections, scenarios, bouncers, and remediation options to consider.

Also, some CrowdSec features don't work out of the box on Plesk. For example, the self-unblock page for blocked visitors requires a custom implementation because of Plesk's Nginx setup.

That said, I'd definitely be interested in a turnkey Plesk + CrowdSec extension. I think it would lower the barrier to entry considerably and help more Plesk users benefit from CrowdSec without having to learn all the moving parts first.

 

[Bitpalast]

About CrowdSec I have hesitated to apply it here, because after all due to its nature it also opens an opportunity for third-parties to intrude the server. If Plesk themselves delivered an extension for a LOW monthly fee, I might consider it, because then there would be an additional layer of proof between CrowdSec and the Plesk environment.