Today I try to fit all FW rules to my need. After i blocked the traffic "allow other incoming traffic" in the Plesk FW i dont get folders listed via FTP. The FTP client connect to my server, but listing content times out. After allow other traffic the content get listed. The rule "Allow FTP connections" ist in all enabled all the time.
View 3 Replies
Initially I was able to connect via FTP. Then all of a sudden I started getting 550 SSL/TLS required on the control channel. Why did it suddenly required SSL/TLS when I did not do anything extra?
Now when I'm trying to connect via FTPES using FileZilla (tried both active and passive) on Linux Mint Debian, I'm getting the error below. I'm really stumped. I have tried to Allow incoming from all on port 49152-65534/tcp via Plesk firewall, but still no go.
The worst thing now is, I can't even get FTP to work anymore. Of course I would prefer to have TLS working.
Status:Connection established, waiting for welcome message...
Response:220 ProFTPD 1.3.5 Server (ProFTPD) [206.106.213.243]
Command:AUTH TLS
[Code]....
I enabled plesk firewall to my ip now I cant seem retrieve directory listing. I've done the same with ssh that works fine.
Response:230 User logged in
Command:OPTS UTF8 ON
Response:200 UTF8 set to on
Status:Connected
Status:Retrieving directory listing...
Command:PWD
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
When I deny all other traffic for the "System policy for incoming traffic" to secure the server by only allowing the explicit ports I've requested to open, my server stops operating correctly.
It appears when I set the "System policy for incoming traffic" to deny, it appears to be disrupting various functions such as web traffic over ports 80/443, FTP, SSH, they either work extremely slow or don't work at all.
I brought this up with my Plesk license provider and they stated that the Plesk firewall doesn't add any tracking for ephemeral ports, therefore if you set the policy to drop for incoming/outgoing, it's not going to allow proper TCP communication since the return socket can't be opened. Also that the firewall is an explicit deny system rather than explicit allow based system.
Am I doing something wrong? All I want to do is to block all ports other than the ones I've set to allow. Is this how it is supposed to work?
I've just made a transition from a VDS to a Dedicated and I'm having problems preventing directory contents from showing. In my previous server whenever I created a directory, it would automatically give a 403 when you tried to access the directory directly in your browser (which is what I want). Now when I set up directories in this new dedicated the contents of the directories display when there is either no index page or if I didn't have an htaccess file preventing it from listing the contents.
So what im asking is how did my previous server automatically set up the directories to not display the contents but use the contents and allow access to say for example pictures in the directory?
Is there a way I can have apache automatically do this for me or do I have to place a blank index page in every directory i create or have to place an htaccess file in every directory I create? How can I protect the contents with a 403 but still allow the contents to be accessed only through full path?
May be this is a stupid question, but I really don't know why I can't list the files in the root folder of a website(I didn't put any index.html or index.php in the folder).
I point my domain.com to /home/user/docs, the server can list domain.com/test/ files. But it can't list the files of domain.com/. It just shows the page at /var/www/htm, if I don't have any index file under /home/user/docs.
I have this in the httpd.conf file:
<Directory "/home/user/docs">
Options +Indexes
allow from all
</Directory>
We've found out a abnormal usage of one of our servers, our RTG graphs shows:
Last 24h
IfInOctets: 30.5GB
MAX: 6.9MBits/s
AVG: 3.4Mbits/s
Cur: 4.7Mbits/s
And a strage traffic:
IfOutOctets: 42.5GB
MAX: 76.6MBits/s
AVG: 4.7Mbits/s
Cur: 600Kbits/s
We are running two websites on this server, and we looked at raw log apache, we've compilers disabled, we block most of outgoing / incoming packets on firewall, we ran chkrootkit, rkhunter and nothing was found. We checked for cronjobs, suspect files, netstat, but we can't see anything strange. We use the latest server software (apache 2.2.x), PHP 5.2.x, MySQL 4.1.x, we have most of the server optimized.
We are running iptraf now, and it seems normal:
„ Incoming rates: 85.8 kbytes/sec
„ Outgoing rates: 636.4 kbytes/sec
Anyone have an idea? And some way to properly monitor incoming traffic? I'm looking to find how/where is the source of this traffic.
problem with incoming spam to my server. Causing high load that eventually take down the server.
Since I don't use the server for my mail (I use Gmail), can anyone let me know the easiest way to stop/block all incoming mails to the server? I still need outgoing mail, though. Some of my PHP forms need it.
Right now, I stopped Exim to save the server (if it runs, load can get to 900+).
I've been plagued by CBL listing for quite some time now, on a linux server with Plesk 12.After months of a fierce fight against every possible malware on the about 120 various websites on this server, extensively monitoring clients emails, enabling restrictive policies and finally even hiring a private security firm to investigate the problems further, we were sure that not a single spam message was sent by our server in any way.
So we finally contacted CBL, exposed the issue and got this answer:The CBL attempts to detect compromised machines in a number of ways based upon the email that the CBL's mail servers receive.During this it tries distinguish whether the connections represent real mail servers by ensuring that each connection is claiming a plausible machine name for itself (via SMTP HELO), and not listing any IP that corresponds to a real mail server (or several mail servers if the IP address is a NAT firewall with multiple mail servers behind it). 54.194.XX.XXX was found to be using several different EHLO/HELO names during multiple connections on or about:
2015:01:09 ~16:30 UTC+/- 15 minutes (approximately 3 days, 21 hours, 14 minutes ago).
The names seen included: xxx1.xx, xxx2.xx, xxx3.xx, xxx4.xx, xx.xxx5.xx, veniceberg.com..Note that the above list may include one or more names that are not fully qualified DNS names (FQDNs). Host names (ie: Windows node names) without a dot are not FQDNs.
The final possibility is that 54.194.XX.XXX is not a NAT firewall, and is instead a single box with many domains provisioned on it, some that send email directly, setting the HELO as the sending domain. If this is the case, to prevent a relisting we strongly recommend setting the mail software on the box so that a single identifying name is used in outbound SMTP connections mail software on the box so that a single identifying name is used in outbound SMTP connections. As an alternate workaround, you can configure the mail software to relay its outbound email through an intermediate mail server. Even a co-resident mail server package (such as IIS on Windows) will do fine.​
This pointed me to this Plesk Mail setting (not sure if this selection is the default). Now we are waiting a few days to see if changing to "Send from domain IP addresses" solves the issue. I think this is a kind of issue which deserves attention by Parallels to avoid other users go trough our fatiguing ordeals. If this setting is responsible for getting servers blacklisted, it should be highly discouraged.
On my plesk server, i have several emails account. These email addresses should receive only emails send by a specific server. But for now, they can receive any email, including spam.
So, i would like to block all emails that are not coming from the allowed server.
How can i do this in plesk ? As i am not a very good server admin, can you tell me exactly what i need to do in plesk?
Since the update I have a problem with my Firewall. I need to set "Allow all incoming connections" under "Server => Firewall" in order to connect over FTP with TLS (explicit). This was working before the update without allowing all incoming connections. How to fix this in the Plesk panel?
View 2 Replies View RelatedI have a client with a dedicated server running. Spec below.
The problem I am having is with incoming email. When I set up a new email account it can take about 10 attempts to log on to the incoming mail server. Once it has connected it will be ok for a short while then I will get a connection error and no emails will come through.
This is happening across all platforms, PC / MAC / iPhone and iPad.
I am a web designer with limited knowledge of the setting up of the server and was looking to set up email server within plesk.
General
CPUGenuineIntel, Intel(R)Core(TM) i5-2400 CPU @ 3.10GHz
VersionParallels Plesk Panel v11.0.9_build110120608.16 os_Ubuntu 12.04
OSUbuntu 12.04.4 LTS
Key numberPLSK.02873817.0002
System Uptime: 60 day(s) 10:03
Hostname
IP address
OSUbuntu 12.04.4 LTS
Panel version11.0.9 Update #62
When I am trying to configure my e-mail in outlook 2010 / Thunderbird, the incoming Server don't respond (IMAP/POP3) but for the outgoing, it works perfectly. Webmail is full functional.
I have this on Outlook : [URL] ....
I wonder if there is any chance to change the domain that is being shown as the incoming/outgoing mail server to users of the Plesk Panel, when clicking on the "Info"-Icon near an e-mail-account in the mail list (see screenshot).
We only have a SSL certificate for one domain and want our customers to use this domain in their mail client settings, so that the client trusts the domain.
Is there a way to block Asia in a whole from my server.
I am getting nothing but spam/hack/warz/rapidleech sites on my free hosting server.
Can this be done with net blocks/ip ranges?
In AWStats I am getting a lot of traffic from one URL but it is all spam traffic. How can I make it so that any visitors that come from that URL cannot access my site?
They have a link on their site to mine...
How do i block all traffic to a port using iptables?
For example, i need to stop all incoming traffic on port 80 of my server.
I have a public website, unfortunately, I believed it was being hacked and now the page only display:Directory listing Denied. This Virtual Directory does not allow to be listed..
How could I solve it?My website just consists of one phpbb forum and some html files.
I got an error in ftp.
Command:MLSD
Response:150 Accepted data connection
Response:226-ASCII
Response:226-Options: -a -l
Response:226 24 matches total
Error:Connection timed out
Error:Failed to retrieve directory listing
Is there a way to see what domain is getting hit when I have a huge traffic spike? Not the daily report, but in real time? Like when it is happening?
View 1 Replies View RelatedI use a spam protection service. It works as following : -My DNS are configured to point to a server (sever A) which is configured to filter spams. -If an email is not a spam, the first server send it to my mail server (server B).
But some spammers found a way to bypass the protection : They send directly their email to my mail server (server A). So, i want to allow only emails coming from the server A IP.
I am currently running a virtual server, and over the past couple days have had a number of brute attacks from Chinese and Indian based IP's which have been marked in my logs and trying to break in, this has pulled my websites down with the server load.
I am trying to, in the Firewall settings, add the IP's to a block list, however am unable to see where this can be configured.
Is that possible to block baidu without specifying whole list of IDs it's using ?
View 1 Replies View RelatedI have the problem that the ip blocked "failban" too short (set findtime=1800).
The ip should be blocked for 30 minutes (the second time).
2015-03-23 22:24:59,779 fail2ban.filter [2807]: INFO Set maxRetry = 5
2015-03-23 22:24:59,780 fail2ban.filter [2807]: INFO Set findtime = 1800
2015-03-23 22:24:59,781 fail2ban.actions[2807]: INFO Set banTime = 600
2015-03-27 04:50:56,209 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:00:56,913 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
2015-03-27 05:09:05,483 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:19:06,153 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
2015-03-27 05:35:39,317 fail2ban.actions[2807]: WARNING [ssh] Ban 195.xxx.xxx.xxx
2015-03-27 05:45:40,012 fail2ban.actions[2807]: WARNING [ssh] Unban 195.xxx.xxx.xxx
I am trying to block this whole range of IPs, all that begin with 66.249. How is is that done?
View 1 Replies View Related
