This article will show you how to enable Fail2Ban within your Parallels Plesk 12 based Virtual Private Server (VPS). This was one of the great new security features introduced with Plesk 12, allowing you to continually monitor log files and ban users who are trying to gain access to your system. Out of the box, this feature can monitor and ban:
- Apache authentication attempts
- Bad / Fake bots
- IMAP / POP connection attempts
- SMTP connection attempts
- Webmail connection attempts
- Plesk connection attempts
- FTP connection attempts
- SSH connection attempts
This provides a comprehensive set of services which are monitored and therefore can be protected against brute force hacking attempts.
- To enable, login to your Plesk within your VPS.
- Select Tools and Settings, then select IP Address Banning:
- Firstly, if you have a static IP for your office, you should add it to the Trusted IP Addresses. This is to prevent any accidental triggers of the rules. To do so, click on the Trusted IP Addresses tab and click on "Add Trusted IP":
Enter the IP of your office Internet connection, you can verify this IP via our Client Info tool.
- Next, click on the Jails tab to enable / disable the particular services you wish to monitor:
- Once you're happy with the selected Jails, you can now enable the banning. Click on the Settings tab.
- Tick the "Enable intrusion detection" checkbox. You can also adjust how long the IP is banned for and also how many failures it requires before triggering a ban. Click OK to enable.
- You now have Fail2Ban running on your Plesk Server.
- All IP's which are currently banned (and what triggered the ban) are viewable within the main screen.
(If you don't see any IP's listed here, it means nothing is currently banned)