Plesk & SocialBee have teamed up. Save 30% now!

Get the Deal

Knowledge Base

Fail2Ban Jails Management

 
administrator guideprotection against brute force attacks fail2banserver administrationapachedovecot

Advanced users might also be interested in configuring the way the
so-called Fail2Ban jails are used to block IP addresses. A Fail2Ban
jail is a combination of a filter and one or several actions. A filter
defines a regular expression that matches a pattern corresponding to a
failed login attempt or another suspicious activity. Actions define
commands that are executed when the filter catches an abusive IP
address.

A jail can have active or inactive status. When Fail2Ban service is
running, only active jails will be used to monitor the log files and to
ban suspicious IP addresses.

In Plesk, there are preconfigured jails for all hosting services (web
server, mail server, FTP server, and so on). Most of them work in the
same way: they detect failed login attempts and block access to the
service for ten minutes. These jails are listed at the Jails tab at
Tools & Settings > IP Address Banning (Fail2Ban).

image 76414

The following preconfigured jails are available:

  • plesk-apache looks for Apache authorization failures and bans
    attackers for 10 minutes.
  • plesk-apache-badbot looks for email grabbers and vulnerability
    scanners in Apache’s access log files. The ban lasts for two days.
  • plesk-dovecot looks for Dovecot IMAP, POP3, and Sieve
    authentication failures and bans attackers for 10 minutes.
  • plesk-horde and plesk-roundcube detect webmail login failures
    and block access to a web service for 10 minutes.
  • plesk-modsecurity bans the IP addresses detected as harmful by
    the ModSecurity Web Application Firewall. The jail
    can only be activated if ModSecurity is already running, and will ban
    attackers even if ModSecurity is operating in the “Detection only”
    mode. The ban lasts for 10 minutes.
  • plesk-panel detects Plesk login failures and bans attackers for
    10 minutes.
  • plesk-postfix looks for Postfix SMTP and SASL authentication
    failures and bans attackers for 10 minutes.
  • plesk-proftpd looks for ProFTPD login failures and bans attackers
    for 10 minutes.
  • plesk-wordpress looks for WordPress authentication failures and
    bans attackers for 10 minutes.
  • recidive looks for other jails’ bans in Fail2Ban’s own log. It
    blocks hosts that have received a ban from other jails five times in
    the last 10 minutes. The ban lasts a week and applies to all services
    on the server.
  • ssh looks for SSH login failures and bans…
Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2024 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit