Plesk Task Manager produces high CPU load for a long period of time: A lot of failed Plesk GUI login attempts

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Operations in the Plesk Control panel are slow.

  • Task Manager option cannot be opened in Plesk > Tools & Settings > Task Manager.

  • Plesk Task Manager process is causing high CPU load. Server might become unresponsive or experience downtime due to resource overload.

  • Errors that are similar to the following are displayed when running the plesk repair db -n command:

    Checking the consistency of the Plesk database

    Wrong AUTO_INCREMENT values in the following tables: log_actions:
    133509 ≠ 133510 ................................................... [ERROR]

    Fixing them via the database repair utility of Plesk is not always successful on the first attempt:

    Updating AUTO_INCREMENT values .................................. [FAILED]
    - Updating AUTO_INCREMENT failed for tables: Notifications,
    Notifications, Notifications, Notifications, Notifications,
    Notifications

    They also reappear soon after they are eventually cleared via the database repair utility of Plesk.

  • A lot of failed login attempt events can be found in the Plesk panel log (located at %plesk_dir%admin\logs\php_error.log on Windows and at /var/log/plesk/panel.log on Linux), which may indicate that the Plesk server is under a brute-force attack. The number of failed login attempts can be checked with the following commands:

On Linux
  1. List the source IP addresses and the number of failed login attempts from each IP with the command:

    # plesk bin action-log --show | \
    grep 'User Login Attempt.*Failed' | \
    awk '{if ($0 ~ /via API/) {print $1, "API"} else {print $1, "GUI"}}' | \
    sort | uniq -c | \
    awk '{print $2, $3, $1}' | \
    sort -k3,3nr | \
    head -n 20 | \
    column -t

  2. A great number of files exist in /var/lib/plesk/task-manager/runtime/:

    # ls -l /var/lib/plesk/task-manager/runtime/ | wc -l
    725680

On Windows
  1. Run the following PowerShell script to see the source IP addresses and the number of failed attempts to connect from each:

    PS plesk bin action-log --show |
        Select-String 'User Login Attempt.*Failed' |
        ForEach-Object {
            if ($_ -match 'via API') {
                [PSCustomObject]@{IP = $_.Line.Split(' ')[0]; Type = 'API'}
            } else {
                [PSCustomObject]@{IP = $_.Line.Split(' ')[0]; Type = 'GUI'}
            }
        } |
        Group-Object -Property IP, Type |
        Sort-Object Count -Descending |
        Select-Object -First 20 |
        Format-Table -Property @{Name='IP'; Expression={$_.Name.Split(',')[0]}},
            @{Name='Type'; Expression={$_.Name.Split(',')[1]}},
            Count -AutoSize

  2. The large number of incomplete tasks can be found with the command:

    PS (Get-ChildItem 'C:\Program Files (x86)\Plesk\var\task-manager\runtime' -Directory -Force).Count
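
The two Linux checks above as reusable helpers, added here as an example that is not part of the original article: one lists only sources at or above a failed-login threshold, highest count first, and the other counts the runtime backlog with find rather than ls -l. It assumes, as the article's awk '$1' does, that each action-log line starts with the source IP; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example, not Plesk's own tooling.
# Assumption: every action-log line starts with the source IP and failed
# logins match 'User Login Attempt.*Failed', as in the article's pipeline.

# Print "IP TYPE COUNT" for each source with at least $1 failed logins
# (default 10), highest count first. Reads action-log lines on stdin.
failed_login_offenders() {
    threshold="${1:-10}"
    grep 'User Login Attempt.*Failed' |
    awk -v min="$threshold" '
        { type = ($0 ~ /via API/) ? "API" : "GUI"; n[$1 " " type]++ }
        END { for (k in n) if (n[k] >= min) print k, n[k] }' |
    sort -k3,3nr -k1,1
}

# Count entries in the task-manager runtime directory without sorting or
# stat()ing them; ls -l is slow with hundreds of thousands of entries and
# also counts its own "total" line.
runtime_backlog() {
    find "$1" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' '
}

# Constructed sample lines (documentation IP ranges), not real Plesk output.
sample_log() {
    cat <<'EOF'
203.0.113.7 User Login Attempt admin Failed
203.0.113.7 User Login Attempt admin Failed
203.0.113.7 User Login Attempt root Failed
198.51.100.23 User Login Attempt admin via API Failed
198.51.100.23 User Login Attempt admin via API Failed
192.0.2.10 User Login Attempt admin Failed
192.0.2.10 User Login Attempt admin Succeeded
EOF
}

# Live use on a Plesk server:
#   plesk bin action-log --show | failed_login_offenders 50
#   runtime_backlog /var/lib/plesk/task-manager/runtime
if [ "${1:-}" = "--demo" ]; then
    sample_log | failed_login_offenders 2
fi
```
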

Cause

There are constant failed login attempts to the Plesk GUI, SSH, or FTP of your server, which confirms that this is simply an attack targeted at your server.

This attack generates a great number of log files, and those need to be processed by the plesk-task-manager service.

Due to the sheer number of files and entries that it needs to process, the plesk-task-manager generates a higher than usual CPU load on your server.

Resolution

Common steps
  1. Reduce the attack surface by making sure that you use the No Custom URLs option mentioned in this article
  2. Configure Fail2Ban against brute-force attacks
  3. Restrict Administrator access to Plesk by IP address
  4. Enable multi-factor authentication (MFA) to access Plesk
  5. Configure rate limiting for login attempts to Plesk (feature available starting from Plesk Obsidian 18.0.70 only)

For Linux

1. Connect to the server via SSH

2. Create the file /usr/local/psa/admin/conf/task-manager.yml from the existing "sample" file by executing the following command:

# cp /usr/local/psa/admin/conf/task-manager.yml.sample /usr/local/psa/admin/conf/task-manager.yml

3. Add the following directives by uncommenting them and adjusting the values accordingly:

timeouts:
  gc:
    successful: 1h
    failed: 1h
    incomplete: 1h      

4. Restart the Plesk Task Manager service for the configuration to take effect:

# systemctl restart plesk-task-manager.service

After a minute the tasks will be removed by that action. You can then remove the task-manager.yml configuration file and restart the service again to return the task manager to its default behavior.

5. Edit the unit file of the plesk-task-manager service to set a CPU quota by executing this command:

# systemctl edit --full plesk-task-manager

Set the following line under the [Service] section to limit the service to a maximum of 50% CPU usage (you may change the percentage in accordance with your preferences) and save the changes:

CPUQuota=50%

6. Reload the service configuration and restart the service:

# systemctl daemon-reload

# systemctl restart plesk-task-manager

7. Make sure that Fail2Ban is turned on for your entire server by using the steps on the following page of the Plesk Obsidian documentation:

Enabling Fail2Ban | (Plesk for Linux) Protection Against Brute Force Attacks (Fail2Ban) | Plesk Obsidian documentation

8. Make sure the Web Application Firewall (ModSecurity) is turned on and set to use the OWASP rule set by using the steps on the following page of the Plesk Obsidian documentation:

Turning on ModSecurity | Web Application Firewall (ModSecurity) | Plesk Obsidian documentation

For Windows
  1. Connect to the server via RDP

  2. Create the file %plesk_dir%admin\conf\task-manager.yml with the following content:

    timeouts:
      gc:
        successful: 1h
        failed: 1h
        incomplete: 1h

  3. Open Plesk Services Monitor > Plesk Task Manager Service, select Plesk Task Manager Service and click Restart

  4. Wait for 1-2 minutes for PleskTaskManager to start up completely

  5. Remove the file %plesk_dir%admin\conf\task-manager.yml

  6. Restart Plesk Task Manager Service again via Plesk Services Monitor > Plesk Task Manager Service, select Plesk Task Manager Service and click Restart

Here you may find the experience of our partners

From the Plesk side, the following will be reviewed regarding these attacks:

https://webpros.atlassian.net/browse/PPP-54977

https://webpros.atlassian.net/browse/PPP-54912
