Best Security tools and usage in Plesk
Security is a top priority for any system. Data loss and malicious attacks can ruin your site, so security is vital. Beyond its basic security settings, Plesk offers advanced security tools that raise the level of protection.
Fail2Ban: Protect Your Server from Brute Force Attacks
Fail2Ban automatically protects the server from brute force attacks. It scans log files for patterns of authentication failures, exploit attempts, and other entries that can be considered suspicious. Such log entries are counted, and when their number reaches the configured threshold, Fail2Ban either sends a notification email or bans the attacker's IP address for a fixed period of time.
Fail2Ban is installed as a Plesk component. We can configure Fail2Ban settings in the Plesk control panel at Tools & Settings > IP Address Banning.
Here we can:
1) Create a filter that will be used to search the logs for suspicious activity. The filter is a set of one or more regular expressions.
2) Create a jail, which is a set of rules covering an individual context. The settings of the jail determine what is to be done once an attack is detected according to a predefined filter.
3) Activate or deactivate a jail.
4) Specify trusted IP addresses, i.e., IP addresses that will never be blocked.
5) Configure the IP address banning settings, such as the ban period, the time interval for detecting subsequent attacks, and the number of failures before an IP address is banned.
6) View the list of banned IP addresses and unban them if necessary.
Plesk has its own preconfigured jails and filters for all hosting services (web server, mail server, FTP server). We can also configure our own jails and filters according to the rules.
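The following Python sketch models how the filter and jail settings listed above interact: a filter regular expression selects failures, and the jail counts them per address inside the detection interval. It is an added example, not Plesk's or Fail2Ban's own code; the regular expression, thresholds, trusted range and log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail settings (constructed values); TRUSTED addresses are never banned.
BANTIME, FINDTIME, MAXRETRY = timedelta(hours=1), timedelta(minutes=10), 3
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]

# Filter: one regular expression. Fail2Ban filters mark the address with
# <HOST>; a named group plays that role in this sketch.
FAILURE = re.compile(
    r"^(?P<ts>\S+ \S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>[0-9A-Fa-f:.]+) port \d+")

# Constructed log lines using documentation address ranges.
SAMPLE_LOG = """\
2024-05-01 10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2
2024-05-01 10:00:05 sshd[812]: Failed password for invalid user test from 198.51.100.23 port 5101 ssh2
2024-05-01 10:00:09 sshd[813]: Failed password for admin from 192.0.2.10 port 6001 ssh2
2024-05-01 10:00:12 sshd[814]: Failed password for admin from 192.0.2.10 port 6002 ssh2
2024-05-01 10:00:15 sshd[815]: Failed password for admin from 192.0.2.10 port 6003 ssh2
2024-05-01 10:00:20 sshd[816]: Failed password for root from 203.0.113.7 port 4243 ssh2
2024-05-01 10:00:30 sshd[817]: Accepted password for alice from 198.51.100.40 port 7001 ssh2
2024-05-01 10:00:41 sshd[818]: Failed password for root from 203.0.113.7 port 4244 ssh2
2024-05-01 10:09:00 sshd[820]: Failed password for invalid user test from 198.51.100.23 port 5102 ssh2
2024-05-01 10:15:00 sshd[821]: Failed password for invalid user test from 198.51.100.23 port 5103 ssh2
"""

def find_bans(log_text):
    """Return (ip, banned_at, banned_until) for each ban the jail would issue."""
    recent, bans = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue  # no authentication failure on this line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = ipaddress.ip_address(m["host"])
        if any(ip in net for net in TRUSTED):
            continue  # trusted addresses are never counted
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than the interval
        if len(window) >= MAXRETRY:
            bans.append((str(ip), ts, ts + BANTIME))
            window.clear()
    return bans
```

With these settings only 203.0.113.7 is banned: 198.51.100.23 also fails three times, but its first failure has aged out of the ten-minute interval by the third, and the three failures from the trusted range are ignored.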
Firewall: Control Network Connections
The Plesk firewall protects the server from incoming network connections that could affect the server's security. The firewall either allows or denies connections to the services required for the proper functioning of a hosting server, such as web hosting, mail server, and FTP server. The principles of the firewall are almost the same on Linux and Windows, but there are some differences.
On Linux, the firewall is a Plesk extension. Firewall policies affect the whole server, while rules apply to incoming connections to individual Plesk services, such as SMTP or MySQL. By modifying the policies and the rules you can easily tighten or relax the security settings. For example, we can set a policy to allow all connections to and from the server, but use individual rules to deny connections from individual IP addresses, thus overriding the existing policy.
On Windows, the firewall has predefined rules that allow connections to the services required for the smooth functioning of the hosting server. The Windows firewall doesn't include policies. We can turn the existing rules on and off. In addition, we can manage Internet Control Message Protocol (ICMP) communications, which allow computers on a network to share error and status information and are also used for troubleshooting.
You can manage the firewall in the Plesk interface, at Tools & Settings > Firewall.
ModSecurity: Protect Web Applications from Attacks
ModSecurity is a web application firewall. It is a module of a web server, such as Apache on Linux or IIS on Windows, which protects web applications from hackers and other malicious attacks. ModSecurity checks each incoming HTTP request against the applied set of rules. If the check succeeds, the HTTP request is passed to the website to retrieve the content. If the check fails, ModSecurity proceeds according to the set of rules: it either returns an HTTP response with an error code or just saves a corresponding record to the log. Both free and paid rule sets are available. The rules use regular expressions to filter HTTP requests.
In Plesk, you can switch on ModSecurity, select its mode and a set of rules, configure its parameters, or even apply your custom, fine-tuned ModSecurity directives.
Apart from the security tool settings, Plesk also provides additional tips to enhance security:
1) Get SSL certificates. Specifically, you can create a free SSL certificate for your domain using Let's Encrypt, which is available as a free Plesk extension.
2) Restrict access to Plesk from specific IP addresses.
3) Restrict connections via XML API.
4) Protect databases by setting Enhanced security mode.
5) Protect mail from spam by using the SpamAssassin filter.
In addition, apply some standard security recommendations that are still relevant for Plesk:
1) Use strong passwords, as they are more resistant to various types of attacks.
2) Change the standard SSH port (on Linux) or RDP port (on Windows) if there is a risk of a brute-force attack.
3) Apply all necessary updates regularly and promptly to enhance Plesk security and stability.
If you need any further assistance, please contact our support department.