Knowledge Base

All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard

Symptoms

All websites on Plesk server periodically unavailable after accessing WordPress comments or working in WordPress dashboard
Comodo ruleset is enabled in ModSecurity at Tools & Settings > Web Application Firewall (Modsecurity):
'plesk-modsecurity' jail is enabled at **Tools & Settings > IP Address Banning (Fail2Ban) > Jails:
At Tools & Settings > Web Application Firewall (Modsecurity) > ModSecurity Log File the following message appeared:

Message: Warning. String match "get" at REQUEST_METHOD. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf"] [line "4595"] [id "222212"] [rev "2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"]

Cause

IP address banned by fail2ban triggered by ModSecurity rule match alert.

Resolution

Solution 1

Log into Plesk and,
Switch ModSecurity ruleset to Atomic Standard in Tools & Settings > Web Application Firewall (ModSecurity) > Settings:

Solution 2

Disable the ModSecurity rule with id 222212 (4th symptom) using instruction from: How to disable specific ModSecurity rules in Plesk

Related Posts

How to Use Fail2ban to Secure Your Linux Server (CentOS, Ubuntu, Debian, Fedora, and Plesk)

How to Avoid High CPU Load and Block Hackers and Bad Bots Effectively

Full Site Check now scans for Google Fonts

Knowledge Base

How to secure WordPress installations in Plesk

On Plesk server with both fail2ban and Imunify360 turned on, IP addresses are intermittently banned

IP addresses are being banned by the Fail2Ban “plesk-modsecurity” jail, when working in WordPress admin dashboard

How to secure a Plesk server

Hosting Wiki