In plesk I have set the ssh rule to allow from source, deny others and added my IP. However, if I connect my PC to my work VPN, I can still login via ssh, even when I am on a different IP as the allowed IP
View 18 RepliesI am experiencing a weird issue after a Plesk upgrade (from 11 to 12, installed on Ubuntu 12.04).
FTP/SFTP is not working for all users in one specific domain. When using the latest Filezilla client, I receive the following error when I try to connect in SFTP with the main user of this domain
Error: Received unexpected end-of-file from SFTP server
Error: Could not connect to serverClick to expand...
When I modify rules using the firewall panel it is not generating rules correctly when selecting allow from selected sources deny from others.
View 2 Replies View RelatedI temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
I am running Plesk 12 . Centos 6.5
I have Plesk Firewall Installed.
After the Plesk Firewall was enabled the FTP Stopped working in passive Mode.
I searched the net and found the following :
Code:
/etc/sysconfig/iptables-config and change the line with IPTABLES_MODULES to: IPTABLES_MODULES="ip_conntrack_ftp"
It started working.
I changed the default FTP port from proftpd.conf
Code:
port 2392
and /etc/services
Code:
ftp 2392/tcp
ftp 2392/udp fsp fspd
I allowed the new port in Plesk Firewall in Incoming connection and disabled port 21
Now I am not able to connect to the ftp, I get the following error. Have I missed anything ?
Code:
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode (85,25,51,34,216,46).
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
When I deny all other traffic for the "System policy for incoming traffic" to secure the server by only allowing the explicit ports I've requested to open, my server stops operating correctly.
It appears when I set the "System policy for incoming traffic" to deny, it appears to be disrupting various functions such as web traffic over ports 80/443, FTP, SSH, they either work extremely slow or don't work at all.
I brought this up with my Plesk license provider and they stated that the Plesk firewall doesn't add any tracking for ephemeral ports, therefore if you set the policy to drop for incoming/outgoing, it's not going to allow proper TCP communication since the return socket can't be opened. Also that the firewall is an explicit deny system rather than explicit allow based system.
Am I doing something wrong? All I want to do is to block all ports other than the ones I've set to allow. Is this how it is supposed to work?
I would like to deny access to .log
View 1 Replies View Relatedi have plesk 11.5.3 on Linux centOS 6, I created a ftp user on a domain folder, I need to deny this user to read a specific file .php, how can I do?
View 7 Replies View RelatedDo you have any recommendation for an open-source firewall running on Unix which could do:
- Filter and redirect incoming (with exception for some IP).
- Filter outgoing port (with exception for some local IP or MAC).
- Monitoring incoming traffic
- Monitoring outgoing traffic
- Block access from external to a list of IP
- Proxy authentification
- VPN configuration
I search for 2 days now and nothing seems to respond to these requirements. It's for a local network.
I have the latest centos 7 and plesk 12 installed on a dedicated server and i wish to add a new IP to use on a specific website. However, when I am trying to add the IP in plesk i am getting the following error:
Code:
Error: ifmng failed: sh: /sbin/ifconfig: No such file or directory /sbin/ifconfig 'eth0:1' '85.214.93.196' netmask '255.255.255.255' up exited with non-zero status 127
I have read somewhere on the forum that installing iptables can fix this but cents 7 is using the new firewald and i am wondering if in the future such a change will not affect the well being of the overall server.
Is there any solution to this problem or will there be a fix from Plesk in the near future ?
Currently i'm running a server with 12 customers on it. They all have their own domainnames and subscriptions. One of them wants to secure his site with SSL and also his mail traffic. Currently he is using the mail.hisdomain.com server for receiving/sending e-mail. I want to install a certificate so that domain is secured. How can i accomplish this?
When i look on the server there is only 1 PEM file for the whole server. If i'm going to install his KEY and CRT in that file than all my clients will use that certifcate right? Can i make it so that only his domain uses thoses certifcates? Plesk is configured to use Postfix with Courier.
I want to reject all email traffic from the internet except those as below can send mail to my Plesk server :
+ my antispam ( smarthost ) with IP ( a.b.c.d )
+ all my user in the plesk server with authentication
So i plan to set SPF checking on to Reject mail if SPF does not resolve to pass but
1. can't find option to whitelist my smarthost IP Is that option Local Rule: " v=spf1 ip4=a.b.c.d -all "
2. all of my user do not affected by the "Reject mail if SPF does not resolve to pass " right ?
I'm trying to use spamfilter to block mail from specific address, adding this e-mail to spamfilter in mail account settings, but it doesn't work. In logs I see:
spamc[13430]: skipped message, greater than max message size (256000 bytes).
OS: Plesk 12 / Ubuntu 14
A domain on my Plesk does not receive incoming emails from a specific external domain. Other domains on the same server are receiving correctly emails from the same external domain. DNS are configurated by the same way (external of Plesk). Can't see a bounce anywhere. External sender does not receive a bounce too...
So:
- I've deleted the domain in Plesk and re-created it (just in case...).
- I've added the external sender in spam whitelist (I've tried in user conf and in server wide conf)
- When I send mail to a different address in the same server, I can see the mail in syslog and maillog (send or bounced)
- When I send from this external f***** domain to my domain, I can't see anything in syslog and maillog
I'm using Plesk 11.5.50 CentOS 6.5 64bit with Qmail. I have installed a SSL certificate on mail server "mail.company.tld" and is running successfully with smtp/pop3/imap4 daemon. Every user agent uses "mail.company.tld" for smtp/pop3/imap4. The qmail name is "mail.company.tld" (file me). The server has about 300 domains and 1000 accounts.
Now we want to add a new SSL certificate, called "mail.newcompany.tld", and use it only for certain domains. I would like to know if is possible to use the new SSL "mail.newcompany.tld" for a specific mail domain without using the old SSL "mail.company.tld" that isn't expired yet. From Plesk Panel I haven't found a section for using the SSL for a specific mail domain.
I have setup Nginx to serve static pages. I cache some pages and therefor they are static and should be served by Nginx. Now, how can i check if a specific page actual was served by Nginx and not Apache?
View 1 Replies View RelatedHow can I remove a few "server { }" blocks from the file "/etc/nginx/plesk.conf.d/server.conf" without them being readded by plesk?
I want to stop nginx from listening on port 80/443 for a specific IP which is listed there.
Very much like described here: [URL] ....
But with nginx running in front of apache...
My setup looks like this:
* Plesk 12 + Ubuntu 14.04
* IP-Pair1 (IPv4_1 + IPv6_1)
* IP-Pair2 (IPv4_2 + IPv6_2)
IP-Pair1 is supposed to host admin and customer access.
= Plesk-admin-interface (lighhttpd?) on 80/443 instead of 8443 (ssh on 22, ftp ...)
IP-Pair2 is supposed to host visitor access.
= Plesk webspaces (nginx/apache) on 80/443
So I want to stop nginx from grabbing ports 80/443 of IP-Pair1 and listen to IP-Pair2 addresses only. Then I want to set plesk-admin interface to listen to 80/443 on IP-Pair1 only.
Is there any way to auto-delete all the messages in a specific mailbox on a specify domain on a daily basis? Using Postfix.
View 4 Replies View RelatedI built the system on Centos 6.5 with plesk 12 with a range of ips. I then (after the fact) copied the IPs of the old server to the new and moved all the domains to their IP's. This way today we flipped the routes and all should work.
The problem is that the domains only work when putting :7080 behind them. It seems like the httpd is only listening on the old IP and not the new ones. How to make plesk/httpd listen with the new IP's on port 80"
httpd.conf
#Listen 12.34.56.78:80
Listen 7080
I added all the other IP's and tried changing ports under Listen but that does not work either. So changing the listening port does not work.
I have a plesk12 webhost linux. We are having an issue about horde webmail. Weird because one of the email user cannot open email coming from specific email address and this is the message:
Error Message: Error when communicating with the server and There has been no contact with the server for several minutes. The server may be temporarily unavailabe or network problems may be interrupting your session. You will not see any updates until the connection is restored.
Now upon checking to the error logs of httpd, I found the ff:
[Tue Jul 14 16:53:09 2015] [warn] [client 202.X.X.X] mod_fcgid: stderr: PHP Fatal error: Class 'Math_BigInteger' not found in /usr/share/psa-pear/pear/php/Horde/Mapi.php on line 172, referer:http://webmail.domainsample.com/imp/dynamic.php?page=mailbox
When accessing plesk by FTP or the panel, in the root of my domain folder I have the directory
/logs/subdomain.domain.ltd/
But only a subdomain appears, how can I do it to contain logs from another subdomain too?
Want to activate webDAV in a specific domain with a v_host conf file, but do not have a /conf directory in the domain path. How can I manage the this?
View 2 Replies View RelatedWhen I create Mailbox for customer, spamassassin have status (default):
HTML:
Status false
The score that a message must
receive to qualify as spam
What to do with spam mail move
Add the following text to the true
beginning of subject of each
message recognized as spam
Modify spam mail subject text ***SPAM***
Black list
================================
Server-wide black list:
User's black list:
White list
================================
Server-wide white list:
User's white list:
But i want it:
HTML:
Status false
The score that a message must 7
receive to qualify as spam
What to do with spam mail text
Add the following text to the true
beginning of subject of each
message recognized as spam
Modify spam mail subject text ***SPAM***
Black list
================================
Server-wide black list:
User's black list:
White list
================================
Server-wide white list:
User's white list:
Not Move, it only text at "What to do with spam mail text"
How i can do it ?
I edited the /etc/apf/deny.hosts_rules files, then removed all lines from the file and finally restarted apf so it can restart with no deny host listed. But that is not working... the file appears empty or again with the rules removed before.
iptables -L -n shows the same banned hosts as dropped.
I already tried.. remove the deny hosts IPs from the file, then ran "iptables -F", then "service iptables save", and finally restarted apf and the deny IPs still there
I am using virtuozzo firewall to secure access.
I enter 58.27.175.211/255.255.255.0 for Source Address and Netmask for port 22.
But still I can connect using 58.181.103.217 or 58.27.151.120.
Second is it possible to enter two different ip address in source address?
I'm build Plesk Panel for Linux and Presence Builder, I don't want my user can upload their website to hosting via File Manager. How can I do it...
View 2 Replies View RelatedHow to activate/enable the firewall by cli, does this is possible?
Firewall module is installed.
Option in plesk GUI working well.
Does this is possible ? If yes how ?
Is that possible to block baidu without specifying whole list of IDs it's using ?
View 1 Replies View RelatedI have these problems since version 11.5. Now I have installed version 12 on centos . FTP works fine and is super fast and speedy until i enable PLEK FIREWALL, I also tried to add passive port range 60000-65534 to Plesk Firewall rules.
But nothing works.
It takes like 10 times longer to Login + List Files + Make changes using FTP. We applying changes via FTp and its very slow. We can use plesk file manager but its very inconvenient way for quick file uploads and changes.
I already posted this as a bug report and now wanted to inform other users.
Starting with Plesk 11.5, the file "/opt/psa/var/modules/firewall/firewall-emergency.sh" contains the following line:
Code:
rm -f /opt/psa/var/modules/firewall/active.flag
That line stems from updating
Code:
Preparing to replace psa-firewall 11.0.9-debian6.0.build110120608.16 (using .../psa-firewall_11.5.30-debian6.0.build115130819.13_amd64.deb) ...
Unpacking replacement psa-firewall ...
Now, when you stop the firewall, you cannot start it again, cause deleting the active.flag disables the firewall:
Code:
# ll /opt/psa/var/modules/firewall/active.flag
-rw-r--r-- 1 root root 0 2013-11-26 09:22 /opt/psa/var/modules/firewall/active.flag
# /etc/init.d/psa-firewall stop
psa-firewall: firewall successfully disabled
# ll /opt/psa/var/modules/firewall/active.flag
ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory
# /etc/init.d/psa-firewall start
psa-firewall: service is disabled
You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:
Code:
sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh'
I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when every works fine (nothing is blocked) and Plesk still shows all the rules.