Plesk Juggernaut Security and Firewall 4.05-1

To install an extension from a file via the Plesk interface:

1. Add the following lines to the panel.ini file:
   [ext-catalog]
   extensionUpload = true
   
   
2. Click Extensions and go to My Extensions.
3. Click Upload Extension. Select the file containing the packaged extension you want to install, and click OK.

Juggernaut features an SPI firewall, brute-force protection, real-time connection tracking, intrusion detection, dynamic block lists, statistics and reporting, Modsecurity auditing, country blocking, Cloudflare support, and more cutting-edge technology to handle your security needs – all in one security extension.
Important

• This is a paid extension designed for power users and service providers. Some system administration experience is recommended.
• On Centos/RHEL/Cloudlinux/AlmaLinux the EPEL repository will be enabled.
• The Danami repository will be enabled to install the MaxMind DB Apache module.
• ConfigServer Security & Firewall will be installed on install and removed on uninstall.
• Plesk firewall and fail2ban packages will be automatically removed on install.

Features

SPI Firewall
A next generation SPI iptables firewall that fully supports IPv6 and IP sets. We have pre-configured settings that work on a Plesk server with all the standard Plesk services.

• Full IPv4 and IPv6 support with ip6tables.
• Ipset 6+ support for high performance firewall blocking.
• Allow or deny IP addresses permanently or temporarily (Supports subnets in CIDR notation).
• Create advanced iptables rules for allowing or denying specific IPs or ports.
• Robust command line interface for performing all firewall tasks.
• Enable or disable iptables for specific network cards.
• Enable strict rules to DNS traffic.
• Filter packets for unwanted or illegal packets.
• SYN and UDP flood protection.
• Connection limit protection for protection from DOS attacks against specific ports.
• Flood protection for protection from DOS attacks against specific ports.
• Block traffic on unused IP addresses.
• Whitelist dynamic DNS IP addresses so you never block yourself.
• Search though iptables rules to see if an IP address is blocked.

Brute Force Detection
The login failure daemon complements the SPI firewall and responds to failed logins to block offending IP addresses very quickly. It continually monitors authentication logs across multiple protocols blocking brute force attacks within seconds.

• Check for login failures against all your server services like SSH, FTP, SMTP, POP3, IMAP, BIND, .htpasswd, Horde, Roundcube, Plesk and Modsecurity.
• We support custom triggers like apache-referrers, apache-useragents, WordPress or php-url-fopen. Block referral spam, bad search engine spiders and WordPress brute-force attacks right on the firewall!
• Add your own custom login failure triggers.
• Add your own custom log files to monitor (supports wildcard patterns).
• Supports both complete blocking or just blocking to the failed application.
• Easily adjust login failures limits per hour for each service before blocking.
• Get a detailed email alert when a trigger is blocked which includes IP location information.
• Convert a temporary block to permanent if the IP address has repeated temporary blocks.
• Block entire netblocks after repeated login failures from the same subnet.
• Ignore specific IP addresses, CIDRs, and countries from being blocked.
• Supports automatic sending of X-ARF reports to the IP addresses that abuse contact.

Real-time Tracking
View all network connections, server processes, Apache connections, bandwidth usage and disk I/O in real-time. Each IP address is tagged with its location and you can permanently deny an IP with just a few clicks.

• Set the display grid to refresh every few seconds.
• Filter Network connections by protocol, TCP state, and port number.
• Search and sort network connections by connection totals, source, and location.
• Search and sort Apache connections by CPU usage, virtual host, and request method.
• Search and sort processes by CPU and memory usage, process state and the running command.
• Search and sort bandwidth usage by source IP, destination port, transmit and receive bandwidth totals.
• Search and sort disk I/O by process, user, disk read, disk write, swapin, and IO totals.