Plesk 12.x / Linux :: How To Block Access To Default Website
Oct 21, 2014
I've seen a number of exploit attemps on the default website which I believe has come via direct access via ip address i.e http://xxx.xxx.xxx.xxx.I have tried to block with .htacess but it seems to be being ignore (possibly by parallels or nginx configuration).how I can block access to the default site to all but 127.0.0.1, server external ip and my ip?
I am currently unable to access the Plesk control panel except from the web server itself. When I try any of the following options, all work on the server itself but externally all I get is the default Tomcat page.
I don't know if the problem is on the server itself or something within our firewall - we use Microsoft Forefront TMG. The port 8443 is open, and the Tomcat page is being served. All websites working fine, both internally and externally. The server itself is in a DMZ on the network.
The server is running Centos 7 with Plesk 12.
I just noticed that when adding a new domain, I am warned that the domain resolves to another IP address - the external one. Currently, the IP address set up in Plesk is the internal (192.168...) address. Could it be that I need to change this to the external?
I use a spam protection service. It works as following : -My DNS are configured to point to a server (sever A) which is configured to filter spams. -If an email is not a spam, the first server send it to my mail server (server B).
But some spammers found a way to bypass the protection : They send directly their email to my mail server (server A). So, i want to allow only emails coming from the server A IP.
I am currently running a virtual server, and over the past couple days have had a number of brute attacks from Chinese and Indian based IP's which have been marked in my logs and trying to break in, this has pulled my websites down with the server load.
I am trying to, in the Firewall settings, add the IP's to a block list, however am unable to see where this can be configured.
I have the problem that the ip blocked "failban" too short (set findtime=1800).
The ip should be blocked for 30 minutes (the second time).
2015-03-23 22:24:59,779 fail2ban.filter : INFO Set maxRetry = 5 2015-03-23 22:24:59,780 fail2ban.filter : INFO Set findtime = 1800 2015-03-23 22:24:59,781 fail2ban.actions: INFO Set banTime = 600
I am replacing the default certificate in Plesk so that customers do not get a certificate warning when visiting the panel login page.
I've created the certificate in the "SSL Certificates" section made it default and used it to secure Plesk. However I've still got all the existing domains using the old default certificate, how can I do a mass changeover so that all existing domains are now using the new certificate?
I've updated the IP's to use the new certificate. When I go to "SSL Certificates" in "Tools and Settings", it seems that there are some domains now using the new certificate but quite a lot of the other are still not, how can I get these over too?
When typing my ip it used to go to Plesk landing page.
Then through the option: server > tools > IP Addresses, I changed the "Default site" to my main domain, however, it just points to the main page, and not changes the url to the domain (keeps the ip in title, and not show the domain url).
How to make it forwarded to the domain (show it in the address bar), and not just to the index page?
My System: Ubuntu 12.04 Plesk 12.0.18 Update #18 Only Webserver no mail
What I want: I have an old sha1 certificate and I would change this for the whole server.
What I have done so far: I have already uploaded the new sha256 certificate with a new private key to plesk (I can not simply replace the old one, plesk does not allow me to upload a new private key).
Then I set the new certificate as standard certificate and pressed the "secure pannel" button.
After that the panel uses the new certificate.
Then I set in "Tools & Settings -> IP Addresses" on both IP addresses the new certificate.
But now the "Tools & Settings -> SSL Certificates" shows me that the old certificate is still used 2 times somewhere. But the Interface does not show where it is used. How can I find out where this certificate is used? I want to remove the old certificate from the server.
I have suddenly lost all of the websites on the plesk panel server 12.0.18. One of the domains was being used to spam and so I started blocking stuff and removing some of the offending files and folders and the spamming stopped.
However it got to a point where I needed to restart the server and although it was working before the restart, once I did restart it it stopped working. All domains are loading nothing and the access_log looks like nginx or FastCGI is trying to redirect the page somewhere. The bootstrapper repair log file states:
"Details: PHP Warning: include_once(Template/Writer/Webserver/Apache.php): failed to open stream: No such file or directory; File: /usr/local/psa/admin/plib/Loader.php, Line: 97"
i'm running 12.0.18#34 on PCS dedicated server. i recently discovered that some of the default jails on fail2ban that is shipped with Plesk 12 were not working correctly. Let me explain what i mean. For instance, the plesk-panel jail. The logs were parsed correctly, the command was successfully appended in iptables list, the fail2ban log was updated. Still, the intruder was not blocked. I kept reading "already banned" on the fail2ban.log but actually there was no blocking.
After some checks, i found out that fail2ban default configuration states SSH as default blocking port. that means, the block was working but only for ssh hits. thus the plesk-panel admin page hits were passing through.
since i added port=http,https on jail.local > plesk-panel and did it a restart on fail2ban service, only then did it start to actually block incoming hits.
I think this should be verified by programmers group and maybe include a fix in some future minor update.
My default certificate expired recently. I created a new certificate "default certificate 2".
I used this certificate for "Secure the Panel"
I went to "Tools and Settings" -> "IP addresses" and made this certificate the default for all the IPs. On the page "Tools and Settings" -> "SSL certificates", it says Used: 0 next to "default certificate".
But when I try to delete it, it tells me: "Error: Unable to remove certificates: one or several certificates are assigned to the IP addresses/domains."
Is there anywhere I can check where this certificate is still used?
I have Plesk 11.5 installed on my server. There are about 30 sites on the same shared IP address. I need to set up a site to be accessible via https://<ip-address-of-the-server> . According to the documentation I went to Setting -> IP Addresses and selected the desired site from the drop down. Now http://<ip-address-of-the-server> (note, 80th port) works like a charm. Unfortunately https:// displays only the first page of the selected site; all CSS, JS and other files are not found (404).
I did some research and found that Nginx forwards the requests to Apache for all the PHP files and tries to handle all the static files by itself (what is expected and correct). But it looks like that there is no special configuration for nginx which would specify where to get these static files for the IP address, and Nginx just uses the first loaded config (started from b in my case).
I temporary resolved this issue by modifying the last_nginx.conf for the desired domain this way: listen XX.XX.XX.XX:443 default_server ssl;
Note I added "default_server" directive. Of course it would be erased on each reconfiguration of the config files, but as for now I do not see how I can put it in custom nginx.conf or on the server servel level. I reckon Plesk should include the directive in the file the same way as it produces last_httpd_ip_default.conf Apache config for the selected domain. It looks to be an easy fix on the template level, may be I will do it later, but for now this is just the bug report.
I am noticing that several of my users are wiping out their user root folders ( logs, error docs, etc...) when they fail to use '/httpdocs/' as the root directory when publishing with FTP.
I fixed this by editing the proftpd.conf to use ~/httpdocs/ as the DefaultRoot folder ( instead of just ~/ ).Would it be safer(better) to go through all the ftp users and make the home directory '/httpdocs/' instead of '/' in the admin UI? If yes, what is the best way to do a mass update of this setting for multiple users ( multiple domains ) ?
I've just purchased a VPS with Ubuntu 14.04 and Plesk 12 Web Admin Edition. I will use the vps to host just one domain/website. The first time I access Plesk, it asks for some info and first of all it asks form my domain. The default value is localhost.localdomain. Should I leave the default value or should I enter my domain (let's say example.com)?