• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Resolved Juggernaut Security and Firewall Plesk Addon

So by default, Juggernaut offers no way to see what IPs are being dropped?

Also, when I do know the IP to search for, why is it not showing up in the Dashboard search?
 
> So by default, Juggernaut offers no way to see what IPs are being dropped?

We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.
 
>We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.

Forgive me if I'm missing something. I'm not trying to be obtuse. I just know that without using Juggernaut, if we had someone who couldn't connect via FTP, we would have someone look at the logs, see what IP was knocking on the door, and then we would whitelist it.

When we know the IP, what would be causing it not to show up in the Dashboard search you suggested?
 
MacGyver said:
When we know the IP, what would be causing it not to show up in the Dashboard search you suggested?
Click to expand...
If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.
 
>If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.

Perhaps there is a disconnect in how I am relaying things then.

I pull up a browser. I got to a site on this server. I can connect with no problem. I pull up a browser based VPN and set it to connect from Germany, Romania, etc. A country that is blocked. I go to ipchicken.com to check the IP address. I try to connect to the same website. Now it times out. I go back to ipchicken.com and confirm that it's still that IP address. I turn off the VPN and connect to the site successfully now. I now go to the Dashboard and search for that overseas IP, and it's not there.

Clearly I'm misunderstanding something. What am I doing wrong?
 
Thanks. We got the issue resolved temporarily, but will open a ticket regarding the MaxMind issue as the issue does not seem to be resolved. Just FYI, we go this in the morning email:

We’re still seeing outdated API requests from your account (ID XXXXXX) that are using an incorrect endpoint.

Going forward, we will only accept:

  • API requests sent with the more secure HTTPS protocol.
  • API requests sent to the appropriate hostname.
Click the links below to view a list of valid API hostnames for each service.



If you have questions or need help, just reply to this email.
 
They are probably sending those out from any requests from the last month. CSF just pushed their fix a few weeks ago. All our extensions use https:// and download.maxmind.com as they recommend.
 
How does this firewall compare to the preinstalled ModSecurity WAF by Comodo and Fail2Ban?

Does it automatically block attack attempts?
 
@safemoon A web application firewall and an IPtables firewall perform two completely different tasks. You should have both installed. Juggernaut will monitor the modsecurity logs and ban users who trigger modsecurity repeatedly.

@zed2007 Just add a rule for the IP address under Allow -> Allow permanently.
 
Just a shout out for the Danami support team. We decided to try Juggernaut on a server we were migrating purely in hopes that it would supply some GEO blocking security. Now over a year later it's done everything we hoped, and more. We're now using it to deal with some other security issues, and the Danami support team has been great.

We're not usually big on subscription based products, but this one has proven itself. So much so that when our AV comes up for renewal this year, we will likely be switching to the Danami product for that as well. When first looking at the firewall, it seems to be a bit overwhelming, but I have found that it's really not once you start using it.

If you're looking for a good software based firewall add on for Plesk that will provide GEO Blocking, this is a great product. I hope this helps others who are looking for a solution.
 
hotdog said:
The GeoIP block won't work if you use only nginx, not Apache?
Click to expand...
@hotdog yes you would have to have the sites PHP handler set to Apache if you want to do Geo blocking at the web server level. With that said you can also block countries at the firewall level.

How can I deny a countries at the web server level using Juggernaut Firewall?

How can I deny countries at the firewall level using Juggernaut Firewall?
 
You must log in or register to reply here.

Similar threads

T
Question Using an external firewall to block Plesk ports
Replies
3
Views
772
thinkjarvis
T
P
Issue plesk firewall 2.1.5-412 still has problems
2
Replies
20
Views
3K
PeterKi
P
michaeljoseph01
Question Imunify360 or fail2ban PLEASE give me your input
Replies
6
Views
2K
The 8th
The 8th
C
Question Securing Docker ports to local access only with firewalld
Replies
8
Views
6K
captainhook
C
S
Question Plesk Firewall do not block connections to Docker container
Replies
0
Views
804
shopuser
S
Back
Top