Plesk extension / CrowdSec plugin

CrowdSec plugin protection for Plesk.

Bastion is the control layer between CrowdSec decisions and Plesk operations: AppSec rules, domain allow lists, expiries and audit context in one focused surface.

Install on Plesk Read docs

Decision

source IP + ASN

audit trail per support action

Scope

server default / domain exception

no accidental fleet-wide bypass

Expiry

time-boxed by default

exceptions auto-close, no whitelist sprawl

Live on production — fuseboat.co reference deployment

24,154
Active IP bans: 9,000+
Attacks blocked / day: 552
Active decisions

Refreshed weekly · last update 2026-05-21

Install

Marketplace extension. No custom package flow.

Connect

Test CrowdSec LAPI before enforcing decisions.

Scope

Server default with domain-level overrides.

Review

Source, hostname, scenario, decision, expiry.

Product cockpit

A tighter security workflow for shared hosting.

Every decision keeps its source, target hostname, scenario and expiry attached, so operators can enforce without losing context.

control

Decision inbox

CrowdSec scenarios arrive with target hostname, confidence and proposed remediation before an operator acts.

control

Scoped policy

Apply server defaults, then carve domain-specific allow lists with expiry and an operator note.

control

Support context

Every ban, captcha or bypass keeps enough evidence for the next ticket without leaving Plesk.

Bastion Security Live · refresh in 12s

1 818

attacks blocked in the last 24 hours

Last hour: 61
Active bans: 23,229
Whitelisted: 0
Kernel drops: 68,194

Engine · v1.7.8 LAPI · reachable Captcha pool · up Bouncers · 4/4

Top attack scenarios (24h)

7 unique · 50 hits

postfix-spam 23

vpatch-git-config 10

http-bf-wordpress_bf_xmlrpc 6

vpatch-env-access 6

http-bad-user-agent 3

http-probing 1

http-sensitive-files 1

Global threat map

17 countries · 50 attacks tracked

mail.fuseboat.co · Switzerland · 17 hot zones

Latest alerts

View all →

IN crowdsecurity/http-bf-wordpress_bf_xmlrpc 203.0.113.42 1 min ago

CL crowdsecurity/vpatch-git-config 34.81.156.252 8 min ago

US crowdsecurity/http-bad-user-agent 34.74.242.206 8 min ago

IN crowdsecurity/postfix-spam 182.95.110.186 9 min ago

Active decisions

View all →

ban 203.0.113.42 3h58m15s

ban 34.81.156.252 3h51m52s

ban 34.74.242.206 3h51m19s

ban 182.95.110.186 3h51m6s

ban 2001:db8:85a3::8a2e:370:7334 3h50m41s

Controls

Small surface area, specific jobs.

CrowdSec decisions in Plesk: Read LAPI decisions in the extension and apply blocks without asking every technician to SSH into the node.
AppSec L7 enforcement: Apply AppSec scenarios for scanner paths, exploit probes, and noisy HTTP clients before they tie up web workers.
CTI lookup with ASN + geo: Inspect any flagged IP with reputation, ASN, country and behaviour signals pulled from CrowdSec Threat Intelligence.
Live attack map: Real-time globe of inbound arcs sourced from local events, useful to watch a scan unfold and to brief stakeholders.
CrowdSec Hub manager: Install, remove and update collections, parsers, scenarios and AppSec rules directly from Plesk, no shell required.
Captcha branding and providers: Choose between hCaptcha, reCAPTCHA or Cloudflare Turnstile, then preview a custom logo and palette before deployment.
Per-domain allow lists: Resolve false positives with narrow exceptions: source, domain, and reason stay together in the panel.
Auto-recompile on nginx upgrade: APT hooks recompile the auth_request module against the new nginx ABI and roll back automatically if the build fails.

Architecture

From CrowdSec signal to Plesk-safe action.

Bastion Security sits between the CrowdSec decision stream and the Plesk operator, where scope, expiry and support context matter.

01

CrowdSec signal

source, scenario, confidence
02

Bastion policy

expiry, note, local override
03

Plesk scope

server default, domain allowlist
04

Bouncer action

ban, captcha, allow, rate-limit

operator sees

`source IP + ASN + target hostname + scenario + decision + expiry + operator note`, without leaving Plesk.

Stack fit

Bastion Security can sit beside Imunify.

It is not positioned as a monolithic suite. It is the Plesk-native control plane for CrowdSec decisions and operator-safe exceptions.

Complements Imunify360

Keep Imunify for suite-level malware, reputation and hardening. Add Bastion where CrowdSec decisions need Plesk-native scope and support review.

Operationalizes CrowdSec

Bastion turns LAPI signal into hostname-aware actions, expiring exceptions and readable audit context for hosting teams.

Replaces ad hoc Fail2Ban workflows

For Plesk operators, policy belongs in the extension workflow, not in copied jail snippets and SSH-only playbooks.

Marketplace

Plesk install

CrowdSec-native

LAPI

Scoped override

domain + expiry

Audit trail

support-readable

Pricing

Pick the operational scope.

Pro

CHF 19

Per-server commercial license for hosters running production Plesk domains.

Enterprise

Custom

Volume licensing for MSPs and hosting platforms. Pricing on request.

FAQ

Short answers for operators.

Install on one Plesk node. Validate before fleet rollout.

Install on Plesk

CrowdSec plugin protection for Plesk.

Install

Connect

Scope

Review

A tighter security workflow for shared hosting.

Decision inbox

Scoped policy

Support context

Top attack scenarios (24h)

Global threat map

Latest alerts

Active decisions

Small surface area, specific jobs.

From CrowdSec signal to Plesk-safe action.

CrowdSec signal

Bastion policy

Plesk scope

Bouncer action

Bastion Security can sit beside Imunify.

Complements Imunify360

Operationalizes CrowdSec

Replaces ad hoc Fail2Ban workflows

Pick the operational scope.

Pro

Enterprise

Short answers for operators.

Is there a CrowdSec plugin for Plesk?

How do I install CrowdSec on Plesk?

Does Bastion replace Fail2Ban?

Do I need CLI access?

Where do block decisions come from?

Can agencies whitelist client domains?

Install on one Plesk node. Validate before fleet rollout.