block bad bots by default
There are many bots that can actually DoS a server using Plesk. Since there's no way to limit their connections they can overload a server really easily. Currently the only way to block them is by reading the logs and implementing blocks in nginx or .htaccess rules.
It would be great if there could be some security by default. The community has created very comprehensive lists that could be used and auto updated / maintained by cron jobs.
Here's an example for Apache
https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4
And here's for Nginx
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
It could help mitigate attacks and vulnerability scans as well a lot out of the box. Please consider this as security should be top concern.
Thank you for your input. We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
BTW, we have following solution for Plesk – https://talk.plesk.com/resources/blocking-extra-bots-using-nginx.6/
—
IG
-
Gabriel T commented
I just noticed your comment however adding manually a huge list of bad bots when there is a community maintained list is a tedious to say the least. I would think that making PLESK servers as secure as possible should be top concern out of the box. So far I haven't seen a single PLESK installation that hasn't at least suffered into the hands of bad bots at least once.