A common type of attack on the internet is a brute-force attack. Hackers will try to log in over and over again, trying a different password each time. Given enough time, they will eventually get the password correct and gain access to your websites. That is why automatic IP address banning is important, and Plesk comes with a built-in tool for it called Fail2Ban. Fail2Ban monitors your logs for patterns, and when it detects one (you can configure the patterns or use the defaults) it bans the IP address. Here is how you turn it on:
- Go to the Tools & Settings page found on the left-hand side.
- Under Security click on the IP Address Banning (Fail2Ban) button. This will bring you to the Fail2Ban utility page. It looks like this:
Notice how there are different tabs at the top: Settings, Logs, Jails, Trusted IP Addresses, and Banned IP Addresses.
On the Settings tab, to start using Fail2Ban you must select the Enable intrusion detection check box. The IP address ban period is the amount of time an IP address will remain banned before being removed from the ban list. The Time interval setting is the amount of time that must go by before the attempts are reset. The number of failures field is how many times the IP address needs to fail to log in before being banned.
In the above screenshot, the IP address needs to have 3 failed attempts all within 600 seconds of each other in order to be banned for 600 seconds.
The Logs tab allows you to download the Fail2Ban logs. This is a good place to start if you need to troubleshoot banned IPs.
The Jails tab allows you to manage the rules or patterns that will determine if an IP is attacking your server. Here is what the page looks like:
Notice how the plesk-apache jail and the plesk-dovecot jail are active, but all of the others are inactive. Only the rules in active jails will be respected. The more jails you have active, the more services you are protecting; in this case that is only Apache and Dovecot. By default, Plesk comes with a few jails that are pre-configured and simply need to be activated. We highly recommend that you activate at minimum the Plesk-WordPress jail as this is a common target for hackers.
By clicking on Manage Filters, you can create new filters to be used by Jails, although we recommend that only advanced users do this as you may break existing filters or create filters that block everything.
Here is an example WordPress filter which is looking for failed login attempts on WordPress:
Trusted IP addresses.
In this tab, you can add IP addresses that are to be trusted and never banned. You can provide a single IP or a full CIDR block.
Banned IP addresses.
Here you can view the list of currently banned IP addresses. You may also select them and un-ban them from here, although they risk being banned again unless they are added to the list of trusted IP addresses.
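To see how the settings, a jail filter and the trusted list interact, here is an added example (not Plesk's or Fail2Ban's own code) that replays constructed access-log lines through the rule from the Settings tab: 3 failures within 600 seconds gives a 600-second ban. The regular expression, the `simulate` and `line` helpers, and the sample addresses are assumptions made for illustration; the first log field is assumed to be the client IP.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the article's example: 3 failures within 600 s -> banned for 600 s.
MAX_FAILURES, FIND_TIME, BAN_TIME = 3, 600, 600

# Assumed pattern (not Plesk's filter): WordPress answers a failed login POST
# with 200 (the form is shown again) and a successful one with a 302 redirect.
FAIL_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST \S*/wp-login\.php[^"]*" 200 ')

def line(ip, hhmm, status=200):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return f'{ip} - - [10/Mar/2024:{hhmm}:00 +0000] "POST /wp-login.php HTTP/1.1" {status} 3120'

SAMPLE = [
    line("203.0.113.7", "10:00"), line("203.0.113.7", "10:02"),
    line("203.0.113.7", "10:03", 302),   # success: not counted
    line("203.0.113.7", "10:04"),        # 3rd failure inside 600 s -> ban
    line("198.51.100.9", "10:00"), line("198.51.100.9", "10:08"),
    line("198.51.100.9", "10:15"),       # first failure is 900 s old -> no ban
    line("192.0.2.50", "10:00"), line("192.0.2.50", "10:01"),
    line("192.0.2.50", "10:02"),         # would be banned unless trusted
]

def simulate(lines, trusted=()):
    """Return {ip: (ban_start, ban_end)} as epoch seconds."""
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    failures, bans = defaultdict(deque), {}
    for entry in lines:
        m = FAIL_RE.match(entry)
        if not m:
            continue
        ip = ipaddress.ip_address(m["host"])
        if any(ip in net for net in nets):
            continue                      # trusted addresses are never banned
        now = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if m["host"] in bans and now < bans[m["host"]][1]:
            continue                      # still banned
        window = failures[m["host"]]
        window.append(now)
        while now - window[0] > FIND_TIME:
            window.popleft()              # forget failures older than the interval
        if len(window) >= MAX_FAILURES:
            bans[m["host"]] = (now, now + BAN_TIME)
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE, trusted=["192.0.2.0/24"]))
```

Running it without the `trusted` argument shows the third address being banned as well, which is the case the Trusted IP Addresses tab exists to prevent for your own office or monitoring addresses.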
Server security is very important, especially if you are dealing with high traffic or WordPress websites as they are often targets of attacks. These tools are not the only tools that can help you protect your VPS server, but they do provide a good base. Just like anti-virus software, you are not guaranteed to never get hacked, but you are now much more protected than before and your server will be able to handle the common types of attacks!
If you need any help getting started, or have some additional questions, please feel free to reach out to our 24/7 Customer Support team and we will be happy to help!