Plesk 12.x / Linux :: Fail2ban Default Blocking Port

Feb 11, 2015

i'm running 12.0.18#34 on PCS dedicated server. i recently discovered that some of the default jails on fail2ban that is shipped with Plesk 12 were not working correctly. Let me explain what i mean. For instance, the plesk-panel jail. The logs were parsed correctly, the command was successfully appended in iptables list, the fail2ban log was updated. Still, the intruder was not blocked. I kept reading "already banned" on the fail2ban.log but actually there was no blocking.

After some checks, i found out that fail2ban default configuration states SSH as default blocking port.
that means, the block was working but only for ssh hits. thus the plesk-panel admin page hits were passing through.

since i added port=http,https on jail.local > plesk-panel and did it a restart on fail2ban service, only then did it start to actually block incoming hits.

I think this should be verified by programmers group and maybe include a fix in some future minor update.

View 1 Replies


ADVERTISEMENT

Plesk 12.x / Linux :: Firewall Keeps Blocking Port 25 And Passive FTP Ports

Mar 1, 2015

I have some issues with the plesk firewall:

1. Emails are not delivered:

From some reasons, plesk is blocking incoming 25 port (in plesk shows opened, but it's not)My emails are delivered trough port 25, after doing some tests ( i've sent some emails to an email account hosted in the server) there was no email in the roundcube inbox! All emails were blocked...

a) Firewall was blocking the port 25 on server restart.
b) I have succesfully unblocked it from plesk manager -> tools -> edit/change -> even if i didn't change anything, i saved the "changes" and in my roundcube inbox i recived all the test emails.
c) In /var/log/maillog there is no error.

2. Passive FTP gets blocked in the same way, to successfully connect FireFTP on passive mode i need to repeat 1.b steps even if i've created a special rule to prevent the blocking, opening 49152-65534 ports and set PassivePorts 49152 65534 in /etc/proftpd.conf

The issue appears randomly, because in the last 5 days i didn´t restart the server, the last time i checked it worked. Today, without touching anything, firewall blocked my passive FTP and I had probmels reciving emails from gmail, yahoo etc...

View 2 Replies View Related

Plesk 12.x / Windows :: Migration Manager - Set Non Default RDP Port

Dec 30, 2014

Is it possible in migration manager set a non default RDP port?

View 1 Replies View Related

Plesk 11.x / Windows :: Change Panel Default Port 8443

Jan 23, 2014

I have a Windows VPS with Plesk panel. Windows Server 2008 R2 with plesk panel version 11.5.30.

I tried to change the default plesk panel port (8443) to eg (1234) without any success.

The steps i followed are the following:
1) Firewall -> Inbound rule -> allow for port 1234
2) Firewall, Disable inbound rule for port 8443
3) IIS, PleskControlPanel, Bindings: changed binding from 8443 to 1234.

Now i type on browser: [URL] .... and while its loading after some seconds redirects me to [URL] ...

View 6 Replies View Related

Plesk 12.x / Linux :: Fail2ban Does Not Ban On All IPs?

Aug 31, 2014

I activated fail2ban in Plesk 12 and set the SSH jail to ban after 2 retries for 24h on all ports.

This is the generated "/etc/fail2ban/jail.local":

Code:
[ssh]
enabled = true
maxretry = 2
action = iptables-allports[name=ssh]

I tested it and I'm only banned on the IP of SSH (I have one only for SSH and the Plesk panel).

I have 10 IPs in total on my server. I can still access all other IPs, i.e. my websites.

Why does fail2ban not block me completely?

View 13 Replies View Related

Plesk 12.x / Linux :: How To Reinstall Fail2Ban Entirely

May 7, 2015

So on our server, fail2ban got itself in a mess. Tried various things to fix, to no avail, so figured I'd just do a fresh install of it. There was minimal customisation to it that I couldn't re-do.

Note I'd already rm'd /etc/fail2ban - as on previous attempts, the files in here didn't appear to be restored to their defaults. So I figured removing the directory would force this to happen (Whether this was wise I'm not sure!) ;-)

So, following instructions here: [URL] .... I now get the following:

# wget http://kb.sp.parallels.com/Attachments/kcs-36245/fail2ban.gz
# gunzip fail2ban.gz
# mv fail2ban /etc/init.d/fail2ban
# chmod 755 /etc/init.d/fail2ban
# ll /etc/init.d/fail2ban /etc/fail2ban/fail2ban.conf
ls: cannot access /etc/fail2ban/fail2ban.conf: No such file or directory
-rwxr-xr-x 1 root root 2141 Aug 15 2014 /etc/init.d/fail2ban

I then uninstall/reinstall with # /usr/local/psa/admin/bin/autoinstaller

(Have tried via the web interface too)

I then get:

# ll /etc/init.d/fail2ban /etc/fail2ban/fail2ban.conf
ls: cannot access /etc/fail2ban/fail2ban.conf: No such file or directory
-rwxr-xr-x 1 root root 2141 Aug 15 2014 /etc/init.d/fail2ban

i.e., no change..

and if I go to the fail2ban settings in Plesk, I get:

Internal error: f2bmng failed: ERROR:f2bmng:No section: 'Definition'
Message f2bmng failed: ERROR:f2bmng:No section: 'Definition'

Is there a way to regenerate what should be in /etc/fail2ban by default?

View 4 Replies View Related

Plesk 12.x / Linux :: Cannot Add New Filter To Fail2ban

Aug 12, 2014

I am not able to add a new filter to fail2ban

If I go in plesk panel to: Home > Tools & Settings >IP Address Banning > Jails > managing Filters > add filter > type in name & filtercontent and save I get "Information: The jail filter was added". But i can not see the new added filter in the Plesk Filter List (still just the 12 Filters in the list).

On the filesystem > /etc/fail2ban/filter.d/ i can see the new file but with the extension .local - usulay the file is named like xyz.conf

The output of /usr/local/psa/admin/sbin/f2bmng --get-filters-list

[["apache-auth", "fail2ban"], ["apache-badbots", "fail2ban"], ["apache-common", "fail2ban"],
["common", "fail2ban"], ["plesk-courierlogin", "plesk-fail2ban-configurator"],
["plesk-dovecot", "plesk-fail2ban-configurator"], ["plesk-horde", "plesk-fail2ban-configurator"],
["plesk-panel", "plesk-fail2ban-configurator"], ["plesk-qmail", "plesk-fail2ban-configurator"],
["plesk-roundcube", "plesk-fail2ban-configurator"], ["postfix-sasl", "fail2ban"],
["proftpd", "fail2ban"], ["recidive", "fail2ban"], ["sshd", "fail2ban"], ["test", null]]

test is the name i choosed for the new filter and it seems the second field has "null" .....

View 1 Replies View Related

Plesk 12.x / Linux :: Fail2Ban Don't Lock IP

Jul 14, 2014

we have a brute force attack:

Code:

188.132.180.106 - - [14/Jul/2014:22:03:37 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:39 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"

[code]....

And so on, but the Fail2Ban doesn't lock this ip address, why? And how can we manually lock about the webinterface this ip?

View 1 Replies View Related

Plesk 12.x / Linux :: How To Add Action To Fail2ban

Aug 10, 2014

Well with activated apache-badbots jails I have in a short time a hugh amount of banned IPs. Usualy action for this is to use iptables-ipset-proto and save all this baned IPs in the ipset insteed as normal in the iptables list - thats also a suggestion which was discussed in the fail2ban forum for better performance. And yes I had this running (ipset package installed) with my manual installation of fail2ban before I switched over to the plesk integrated.

action = iptables-ipset-proto6[name=BadBots, port="http,https,7080,7081"] insteed of action = iptables-multiport[name=BadBots, port="http,https,7080,7081"]

So how can I add iptables-ipset-proto4.conf, iptables-ipset-proto6-allports.conf, iptables-ipset-proto6.conf to the plesk version of fail2ban??

View 4 Replies View Related

Plesk 12.x / Linux :: Fail2ban - Block IP Too Short

Mar 26, 2015

I have the problem that the ip blocked "failban" too short (set findtime=1800).

The ip should be blocked for 30 minutes (the second time).

2015-03-23 22:24:59,779 fail2ban.filter [2807]: INFO Set maxRetry = 5
2015-03-23 22:24:59,780 fail2ban.filter [2807]: INFO Set findtime = 1800
2015-03-23 22:24:59,781 fail2ban.actions[2807]: INFO Set banTime = 600

2015-03-27 04:50:56,209 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:00:56,913 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
2015-03-27 05:09:05,483 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:19:06,153 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
2015-03-27 05:35:39,317 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:45:40,012 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx

View 2 Replies View Related

Plesk 12.x / Linux :: Fail2ban - Unable To Disable

Sep 2, 2014

I setup and enable fail2ban by Plesk 12 (tools and settings). What happens is, few days after i am unable to access this option again. I got time out

I've tried to disable by ssh "fail2ban-client stop" and nothing... the command become loading and never conclude,

how to remove or stop fail2ban ?

View 6 Replies View Related

Plesk 12.x / Linux :: Add List Of IP In Fail2ban Whitelist?

Feb 4, 2015

I would find an easy way to add a list of IP in Fail2ban whitelist in linux console.What is the file to modify ? Is there a command line or a process ?

View 4 Replies View Related

Plesk 12.x / Linux :: Fail2ban Empty Logs

Apr 22, 2015

In the fail2ban module of plesk is a tab for "logs".

Here you can view Fail2ban logs.

No items found.Click to expand...

View 6 Replies View Related

Plesk 12.x / Linux :: Fail2Ban - Jails Are All Inactive

Jun 29, 2015

I was wondering why all the jails in fail2ban are inactive..

Do I need to enable all of them? or there's only a specific list that is useful?

View 8 Replies View Related

Plesk 12.x / Linux :: Permanently Ban Repeat IPs With Fail2ban

Feb 11, 2015

How to set a permanent ban per IP in Fail2ban?? I have banned continuously some IPs with recidibe and I need put this IPs in a permanent blacklist.

View 1 Replies View Related

Plesk 12.x / Linux :: Fail2Ban - Installation Will Not Continue

May 18, 2015

Ubuntu 10.04.4 LTS

12.0.18 Update #46, last updated at May 15, 2015 03:57 AM

Just recently (after update #46) Fail2Ban stopped working and I couldn't restart it or pin point the reason behind it. I decided to uninstall F2B component via Plesk installer.

F2B uninstalled however when I try to install it again I get error : 'Installation will not continue'

Where to start and where can I find log files that could give me some clues?

View 18 Replies View Related

Plesk 12.x / Linux :: Fail2ban Does Not Work After Upgrade To 12.0.18?

Jun 30, 2014

Since upgrading to 12.0.18 Update # 5 fail2ban stopped working.

Code:
[nimda4597@xxxx fail2ban]# service fail2ban status
fail2ban-server (pid 1881) is running...
Status

[Code].....

View 8 Replies View Related

Plesk 12.x / Linux :: Fail2ban Install Failed

Apr 25, 2015

I installed fail2ban via the autoinstaller today. I got a failed install. There is no /etc/init.d/fail2ban file, and no /usr/bin/fail2ban-server.

On the other hand yum-search tells me it's installed:

plesk-fail2ban-configurator.noarch : plesk-specific jails and filters for fail2ban
fail2ban.noarch : Scan logfiles and ban ip addresses with too many password failures​

I tried to remove it in autoinstaller:

Installing packages
Loaded plugins: fastestmirror, priorities
Running rpm_check_debug
Error in PREUN scriptlet in rpm package fail2ban

[Code] .....

View 1 Replies View Related

Plesk 12.x / Linux :: Fail2ban Errors In Log After Domain Change

Feb 4, 2015

After changing website domain name (from development one -dev-domain.com- to production one) we have this error in fail2ban.log :

2015-02-01 06:46:41,176 fail2ban.filter [2848]: ERROR Unable to open /var/www/vhosts/system/dev-domain.com/logs/proxy_access_log
2015-02-01 06:46:41,176 fail2ban.filter [2848]: ERROR [Errno 2] No such file or directory: '/var/www/vhosts/system/dev-domain.com/logs/proxy_access_log'
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/server/filter.py", line 520, in getFailures
has_content = container.open()
File "/usr/lib/python2.7/dist-packages/server/filter.py", line 601, in open
self.__handler = open(self.__filename)
IOError: [Errno 2] No such file or directory: '/var/www/vhosts/system/dev-domain.com/logs/proxy_access_log'

View 3 Replies View Related

Plesk 12.x / Linux :: Fail2Ban - File Contains Parsing Errors

Sep 18, 2014

When I click on the "Change settings" button for any of my jails a page opens showing the following error message:

Messagef2bmng failed: ERROR:f2bmng:File contains parsing errors: /etc/fail2ban/action.d/iptables-multiport-log.conf [line 24]: 'iptables -N fail2ban-<name>-log
' [line 26]: 'iptables -A fail2ban-<name>-log -j DROP
' [line 33]: 'iptables -F fail2ban-<name>
' [line 34]: 'iptables -F fail2ban-<name>-log
' [line 35]: 'iptables -X fail2ban-<name>
' [line 36]: 'iptables -X fail2ban-<name>-log
'
FileAgent.php
Line243
TypePleskUtilExceptionClick to expand...

View 5 Replies View Related

Plesk 12.x / Linux :: How To Setup Fail2ban For Admin Access

Feb 3, 2015

I have just looked at the plesk panel log - /usr/local/psa/admin/logs/panel.log - and seen an alarming number of attempts to access plesk using the admin user. i.e.

[2015-02-02 14:53:46] ERR [panel] [Action Log] Failed login attempt with login 'admin' from IP 50.62.148.176

I have fail2ban installed and set up for other things...

View 2 Replies View Related

Plesk 12.x / Linux :: Fail2Ban Menu Item Missing

Jul 3, 2014

I have updated from 11.5 to 12.0 mostly in order to use Fail2Ban.

I have also installed a new Plesk 12 license key to make sure that the license allows Fail2Ban. It says now that Fail2Ban is "On". But I can not find the menu entry to get to the Fail2Ban configuration. It is simply not there... (it is supposed to be in the Securitiy menu in the Tools and Settings section...)

View 1 Replies View Related

Plesk 12.x / Linux :: Fail2ban Setting Findtime Per Jail

Jul 14, 2014

In Fail2ban (great idea to include it in plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting this setting per Jail.

You could have 2 jail with same filter but different findtime. Example:

Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds ban

There are bots that detect if you have some protection fail2ban or similar and it will adapt, login attempt every 300 seconds for example. Jail 1 no detect this attack, but Jail 2 yes.

See the example, live time :
[root@--------- log]# cat /var/log/maillog | grep 'warning: ---------'
Jul 14 07:10:54 --------- postfix/smtpd[5482]: warning: ---------[--.--.--.---]: SASL LOGIN authentication failed: authentication failure
Jul 14 07:54:16 --------- postfix/smtpd[4782]: warning: ---------[--.--.--.---]: SASL LOGIN authentication failed: authentication failure

[Code] .....

View 2 Replies View Related

Plesk 12.x / Linux :: Fail2Ban - Can't Get To Menu To Change Settings

Jul 15, 2014

When I click /admin/server-protection/settings/ It takes me to the main page with a message saying

Code:

Error: Unable to encode IDN email address '': email address is invalid

Plesk 12.0.18 on a CentOS server.

View 2 Replies View Related

Plesk 12.x / Linux :: Failed To Start Fail2ban Service

Aug 20, 2014

Code:

Fehler: f2bmng failed: Job for fail2ban.service failed. See 'systemctl status fail2ban.service' and 'journalctl -xn' for details.
ERROR:f2bmng:Failed to start fail2ban service

-- Unit fail2ban.service has failed.
--
-- The result is failed.

Aug 20 14:22:13 noreply.flusiserver.de systemd[1]: Unit fail2ban.service entered failed state.
Aug 20 14:22:14 noreply.flusiserver.de agetty[14140]: /dev/hvc0: No such file or directoryClick to expand...

View 13 Replies View Related

Plesk 12.x / Linux :: No Logs For Fail2ban - File Is Empty

Dec 11, 2014

I'm just wondering how I can start logging activity in Fail2Ban. I've got the following line in the "logs" tab in "IP Address Banning" in the Plesk UI:

/var/log/fail2ban.log

However when I check this it states "The file is empty".

I'm assuming there will be a setting somewhere that tells fail2ban to log to that file but I'm not sure where/what it is?

I know for sure that I've had IP's banned but they just don't appear to be logged.

View 7 Replies View Related

Plesk 11.x / Linux :: Fail2ban Not Working With Http-get-dos Rule

Mar 23, 2015

I have fail2ban and try to install http-get-dos rule. but I have no way to make it work.

Here are my files :

# cat /etc/fail2ban/filter.d/http-get-dos.local
[Definition]
failregex = ^<HOST>.*"GET
ignoreregex =

[Code] ....

Then, when I start fail2ban, I have this thing :

2015-03-24 00:33:25,473 fail2ban.jail [7070]: INFO Creating new jail 'http-get-dos'
2015-03-24 00:33:25,473 fail2ban.jail [7070]: INFO Jail 'http-get-dos' uses Gamin
2015-03-24 00:33:25,474 fail2ban.jail [7070]: INFO Initiated 'gamin' backend
2015-03-24 00:33:25,475 fail2ban.filter [7070]: INFO Added logfile = /var/www/vhosts/mydomain1/logs/access_log
2015-03-24 00:33:25,476 fail2ban.filter [7070]: INFO Added logfile = /var/www/vhosts/mydomain2/logs/access_log

[Code] ....

So, I do not understand where is coming from the set max... then, in my iptables, I have all the Chains, but not the http-get-dos one :

# iptables -L | grep Chain | grep dos

and finally, I made some stress test, geneating more than 5000hits in 5 min, and no luck, nothing.

If I run failregex :

# fail2ban-regex /var/www/vhosts/mydomain1/logs/access_log /etc/fail2ban/filter.d/http-get-dos.local

Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/http-get-dos.local
Use log file : /var/www/vhosts/mydomain1/logs/access_log

Results
=======
Failregex: 55044 total
|- #) [# of hits] regular expression
| 1) [55044] ^<HOST>.*"GET
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [55429] Day/MONTH/Year:Hour:Minute:Second
`-

Lines: 55429 lines, 0 ignored, 55044 matched, 385 missed
Missed line(s): too many to print. Use --print-all-missed to print all 385 lines

Did I miss something in fail2ban configuration ? is there any pb to add custom rule to fail2ban in plesk ?

View 4 Replies View Related

Plesk 12.x / Linux :: Unable To Get Fail2Ban SASL Filter To Work

Dec 3, 2014

I'm getting the following attempts every few minutes, I'd to put a stop to it with Fail2Ban but so far I've been unsuccessful. I get no IP bans in the Fail2Ban panel in Plesk 12.

Dec 3 23:24:14 XXX postfix/smtpd[2535]: warning: ca215.calcit.fastwebserver.de[146.0.42.84]: SASL LOGIN authentication failed: authentication failure

/etc/fail2ban/filter.d/sasl.conf
# Fail2Ban filter for postfix authentication failures
#
[INCLUDES]

[Code]....

View 5 Replies View Related

Plesk 12.x / Linux :: Local IP Address Blocked By Feature Fail2ban

Jul 23, 2014

There is a strange problem with the new feature fail2ban. I have noticed that a local ip address (ip address from the webserver itself) was added to the blocked ip addresses of fail2ban now for the second time. What I can see is that it was the recidive jail.

If there is nginx used as reverse proxy you get a "502 Bad Gateway". Any way to find out more about the reason why an ip address is added to the list of blocked ip addresses in fail2ban?

View 2 Replies View Related

Plesk 12.x / Linux :: Fail2ban Blocks Courierimap And Postfix For No Reason

Dec 3, 2014

we use CentOS Linux 7.0.1406 (Core) Plesk Version 12.0.18 Update #26 I got reports of several users on my system, and i can confirm this myself, that fail2ban is blocking courier imap and postfix connections when i try to connect to the Plesk Server with Outlook 2013 and theBat and the Apple Mac Mail Client.

I used the correct login information but fail2ban blocked the IPs for no obvious reason:

Code:

2014-12-03 12:46:57,908 fail2ban.actions[920]: WARNING [plesk-postfix] Ban 82.134.94.102
2014-12-03 12:46:58,049 fail2ban.actions[920]: WARNING [plesk-courierimap] Ban 82.134.94.102
I disabled the two jails now and it works perfectly. But why is fail2ban blocking valid requests ? I tried it myself and i did not enter a wrong password or something. MaxRetry is 5 so this should not be a problem. The problem is not affecting all users but just a few. However all of them are using correct credentials so i dont understand why they are being blocked at all.

View 1 Replies View Related

Plesk 12.x / Linux :: Unable To Enable Recidive Jail In Fail2Ban

Oct 22, 2014

I am not able to enable the recidive jail in Fail2Ban. I get the following error:

Code:
Unable to switch on the selected jails: f2bmng failed: WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
ERROR No file(s) found for glob /var/log/fail2ban.log
ERROR Failed during configuration: Have not found any log file for recidive jail
ERROR:f2bmng:Command '['/usr/bin/fail2ban-client', 'reload', 'recidive']' returned non-zero exit status 255
ERROR:f2bmng:Failed to reload following jails due to errors in configuration: recidive
.
There is indeed no /var/log/fail2ban.log, but I doubt that manually creating it will correctly fix this problem.

The problem is also discussed @ [URL] ...., but in my case I have not switched on jails before switching on fail2ban. Also, the given resolution does not work.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved