Technical support is available from any of the options below. All support requests must be made in English. You must be logged into our client area to open a ticket with the support, billing, and licensing departments.

The current local date and time is Sunday - 2026-07-19 09:50 MDT.




Installation Instructions

Learn how to install the product.

Getting Started

Learn how to configure the product.

Troubleshooting

Having problems? Learn how to diagnose and debug issues.

Knowledgebase

Self help questions and answers for product support, including pre-sales questions.


We provide free installation and configuration for all our paid licenses. Open a support ticket if you would like a support technician to install the extension for you. You must be root in order to run the command line installer. The installer must pass all validation tests (memory tests, repository tests) otherwise the installer will exit and not run. To Install/Upgrade Warden Anti-spam and Virus Protection Administrators can install/upgrade Warden using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/warden.zip If installing for the first time you can login to Plesk and click the newly installed Warden Anti-spam and Virus Protection button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log To Install/Upgrade Juggernaut Firewall Administrators can install/upgrade Juggernaut using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/juggernaut.zip If installing for the first time you can login to Plesk and click the newly installed Juggernaut Firewall button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log To Install/Upgrade Sentinel Anti-malware Administrators can install/upgrade Sentinel using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/sentinel.zip If installing for the first time you can login to Plesk and click the newly installed Sentinel Anti-malware button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log
View Full Article...

Overview This article provides instructions for obtaining a free MaxMind license key and configuring it within the panel application to enable geolocation services. Prerequisites Administrative access to the control panel Configuration Steps Create an account and register for a free license key at MaxMind Geolite2 Signup. Generate your license key. When prompted with "Will this key be used for geoipupdate?", select No. Navigate to Extension > Settings > Panel Application > Geolocation Settings within the control panel interface. Enter the generated license key into the MaxMind license key field. Click the Update button to apply and save your configuration. Troubleshooting New Key Not Recognized: MaxMind requires up to 30 minutes to propagate and recognize a newly generated license key. If the system reports an invalid or unrecognized key immediately after configuration, wait the recommended period before attempting validation again.
View Full Article...

Overview This guide details the procedures for integrating AbuseIPDB into your environment to perform IP reputation checks, report malicious activity, and configure automated blocklists using the Juggernaut Firewall extension. Prerequisites An active AbuseIPDB account A valid AbuseIPDB API key Juggernaut Firewall extension (required for Block Reporting and Login Failure Daemon features) Configure AbuseIPDB API Integration Create a free account at the AbuseIPDB Registration page. The free tier supports up to 1,000 checks per day. Generate your API key via the API Management Portal. Navigate to Settings -> Network Tools Settings -> Reputation Settings. Paste your API key into the AbuseIPDB API key field. (Optional) Select the Block Reporting checkbox to enable automatic reporting of failed trigger blocks via the login failure daemon. This feature requires the Juggernaut Firewall extension. Click Update to apply the configuration. Check IP Reputation To verify the reputation status of an IP address: Select the target IP address from your interface. Click Reputation to initiate a lookup against the AbuseIPDB database. Report an IP Address To submit a malicious IP address to AbuseIPDB: Select the target IP address. Choose Report from the operation dropdown menu. Select the applicable abuse categories that describe the activity. Submit the report. Remove a Reported IP Address To retract a previously submitted report: Select the target IP address. Choose Clear from the operation dropdown menu. Note: The API limits clear operations to 10 per day. For additional removals, refer to the official documentation: Removing Reported IP Addresses. Enable Block Reporting When Block Reporting is enabled, the login failure daemon automatically submits failed trigger blocks to AbuseIPDB. This functionality requires the Juggernaut Firewall extension. Configure AbuseIPDB Blocklist Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> IP Block Lists. Click the edit icon adjacent to the AbuseIPDB block list entry. In the source URL field, replace YOUR_API_KEY with your actual API key. Select the Enabled checkbox and click Submit to save the configuration. Click the Restart button on the grid to apply changes. This triggers the login failure daemon to download the updated blocklist. // Default Source URL https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=YOUR_API_KEY // Replace YOUR_API_KEY with the API key that you generate https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f Verify Blocklist Download & Logs Monitor the blocklist download process via Logs -> LDF log. Successful downloads will display IPSET switching and loading entries: 2022-01-19 01:28:53 PM 5105 IPSET: switching set new_6_ABUSEIPDB to bl_6_ABUSEIPDB 2022-01-19 01:28:53 PM 5105 IPSET: loading set new_6_ABUSEIPDB with 99 entries 2022-01-19 01:28:52 PM 5105 IPSET: switching set new_ABUSEIPDB to bl_ABUSEIPDB 2022-01-19 01:28:52 PM 5105 IPSET: loading set new_ABUSEIPDB with 46914 entries Blocklist entries are stored in the /var/lib/csf/ directory. CSF automatically optimizes downloaded blocklists by deduplicating IP addresses that already exist in other active lists. To verify the entry count via command line: # wc -l /var/lib/csf/csf.block.ABUSEIPDB 74140 /var/lib/csf/csf.block.ABUSEIPDB Free vs. Paid Plan Configuration The free plan restricts blocklists to a maximum of 10,000 IP addresses. Paid subscribers can increase the volume by adjusting the limit and confidenceMinimum parameters in the source URL. Important: Before increasing the limit, update the Juggernaut Firewall configuration to prevent ipset capacity errors: Navigate to Juggernaut Firewall -> Settings -> General Settings. Increase the Ipset maxelem value to exceed your target limit (e.g., 100,000). // Paid source URL example with limit set to 100,000 IP addresses and a confidenceMinimum set to 75 https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=100000&confidenceMinimum=75&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f To determine the optimal confidence threshold for your use case, review the IP distribution graph available at the AbuseIPDB Blacklist Dashboard. Troubleshooting Blocklist fails to load: Verify that the Ipset maxelem value in Juggernaut Firewall General Settings exceeds the total number of IPs defined by your API limit. Duplicate IP warnings: CSF automatically deduplicates entries across blocklists. This is expected behavior and does not indicate an error. Clear operation limit reached: The AbuseIPDB API restricts report removals to 10 per day. Exceeding this requires manual intervention via the AbuseIPDB web portal.
View Full Article...

Overview This article provides step-by-step instructions for verifying the functionality of the server's anti-spam and anti-virus filters using standardized test messages. The procedures utilize the GTUBE string for SpamAssassin validation and the EICAR test file for ClamAV validation. Prerequisites Root or sudo access to the server. A valid email account hosted on the target server. Replace emailonserver@example.com with the actual recipient address in all commands. Greylisting must be disabled for the recipient domain prior to testing. Execute the following command: /usr/local/psa/bin/grey_listing --update-domain example.com -status off Testing SpamAssassin To validate the anti-spam filter, send a GTUBE test email. This string is designed to trigger a maximum spam score (+1000), ensuring detection even if the recipient mailbox is whitelisted (whitelisting typically applies a -100 score modifier). Install the required mail utility based on your operating system: AlmaLinux/CloudLinux/RHEL: yum install s-nail Debian/Ubuntu: apt-get install s-nail Send the GTUBE test message: echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | s-nail -S v15-compat -S smtp-auth=none -S mta=smtp://localhost -S from="sender@tester.com" -s "Spam test example" emailonserver@example.com Verify the result. A properly configured filter will reject the message with a rejection notice: s-nail: SMTP server: 554 5.7.0 Reject, id=511331-04 - spam /root/dead.letter 10/298 s-nail: ... message not sent Confirm the rejection in Warden -> Logs -> Message Log and the system maillog. Testing ClamAV To validate the anti-virus filter, send an email containing the EICAR test file. This is a standardized safe string used to verify antivirus detection without using actual malware. Install the required mail utility (if not already installed): AlmaLinux/CloudLinux/RHEL: yum install s-nail Debian/Ubuntu: apt-get install s-nail Download the EICAR test file: wget http://www.eicar.org/download/eicar.com.txt Send the test message with the attachment: echo "TEST MESSAGE w/ ATTACHMENT" | s-nail -S v15-compat -S smtp-auth=none -S mta=smtp://localhost -S from="sender@tester.com" -s "A/V test example" -a eicar.com.txt emailonserver@example.com Verify the result. A properly configured filter will reject the message with an infected status: s-nail: SMTP server: 554 5.7.0 Reject, id=511330-04 - INFECTED: {HEX}test.test.eicar.1040.UNOFFICIAL /root/dead.letter 30/938 s-nail: ... message not sent Confirm the rejection in Warden -> Logs -> Message Log and the system maillog. Troubleshooting & Common Issues Greylisting Interference: If greylisting is enabled for the recipient domain, test messages may be delayed or queued rather than immediately processed by the filters. Ensure it is disabled using the command provided in the Prerequisites section before testing. Whitelisting Behavior: The GTUBE string assigns a +1000 spam score. Standard whitelists typically apply a maximum negative modifier of -100. Consequently, whitelisted addresses will still trigger a rejection during this test, which is expected behavior. Log Verification: If the command-line output does not show a rejection notice, check Warden -> Logs -> Message Log and the system maillog for detailed processing information. Ensure the target email account exists on the server before running tests.
View Full Article...

Overview This article provides step-by-step instructions for removing or clearing reported IP addresses. Administrators can manage IP reputation data directly through the Extension Interface, while registered users may utilize the AbuseIPDB website to remove reports or submit formal take-down requests. Prerequisites Administrative access to the extension interface (required for Method 1) A valid, registered account on the AbuseIPDB platform (required for Methods 2 and 3) Method 1: Clear an IP Address via the Extension Interface To clear a reported IP address using the extension interface, follow these steps: Navigate to any grid page within the interface. Click on the target IP address you wish to modify. Select the Reputation tab from the available options. Choose the Clear operation to remove the reported status. Method 2: Remove Reports via the AbuseIPDB Website Registered users can manage and remove their submitted reports directly through the AbuseIPDB user control panel. Log in to your AbuseIPDB account. Navigate to the Reports section. Select the specific report you wish to remove and confirm the deletion. Method 3: Submit a Take Down Request All registered users can utilize the take-down request feature available on individual IP address pages. This option allows you to formally request the removal of an IP report. Navigate to the specific page for the reported IP address. Locate the take-down request interface provided on the page. Complete and submit the required information to initiate the review process.
View Full Article...

Overview This article outlines the procedure for enabling PHP mail logging to track the origin of outbound scripts. By configuring the mail.add_x_header directive, the server will append an X-PHP-Originating-Script header to outgoing emails. This header contains the user ID (UID) and script filename responsible for generating the message, facilitating accurate auditing and troubleshooting. Prerequisites Root or sudo access to the server Knowledge of installed PHP versions and their corresponding configuration paths Access to the mail message log interface and Warden queue dashboard Enable Mail Header Logging Follow these steps to activate header logging across all active PHP configurations: Update the base PHP configuration file (if standard OS packages are installed):
// turn on for the OS default php version if you have the base PHP packages installed sed -i -e "s/^mail.add_x_header = Off/mail.add_x_header = On/" /etc/php.ini Update all Plesk-managed PHP versions:
// turn on for all of the Plesk PHP versions sed -i -e "s/^mail.add_x_header = Off/mail.add_x_header = On/" /opt/plesk/php/*/etc/php.ini Restart PHP-FPM services to apply the configuration changes:
// restart any PHP FPM instances systemctl restart plesk-php73-fpm systemctl restart plesk-php74-fpm systemctl restart plesk-php80-fpm Verify Header in Message Logs After applying the configuration, outbound messages generated by PHP will include the X-PHP-Originating-Script header. To view this information: Navigate to the message log interface. Select a relevant message entry and click the plus icon to expand details. Locate the X-PHP-Originating-Script header, which displays the UID of the executing user and the script filename. Identify User and Script Location The header follows the format: X-PHP-Originating-Script: [UID]:[script_name]. For example: X-PHP-Originating-Script: 10000:class.phpmailer.php To resolve the UID to a system account and locate the script directory, perform the following steps: Resolve the User Account: Query the system password file using the logged UID.
grep UID /etc/passwd Locate the Script File: Search the corresponding vhost directory for the script name. Replace the path and filename with your specific values.
find /var/www/vhosts/example.com/httpdocs -type f -name "class.phpmailer.php" View Header Information in the Warden Queue The Warden queue interface automatically parses the X-PHP-Originating-Script header when available. When viewing a queued message, navigate to the **PHP** tab. The system will resolve the local user information and scan the associated vhost directory for matching script files. Troubleshooting Header not appearing in logs: Verify that the correct php.ini file was modified and confirm that all relevant PHP-FPM services were successfully restarted. UID resolution fails: Ensure the UID matches an active system user by checking /etc/passwd. Mismatches may indicate a deleted account or misconfigured virtual host permissions. Script file not found: Confirm that the search path corresponds to the correct vhost directory. Adjust the base path in the find command if your hosting structure differs from the default layout.
View Full Article...

Overview The Bad Header Destiny feature in Warden controls how the mail server processes and delivers emails containing malformed, non-compliant, or structurally invalid headers. Administrators can manage this behavior through global policy settings, per-policy bank configurations, or direct Amavis configuration modifications. Default Configuration and Server-Wide Policy The default setting under Warden > Settings > Content Filter > Content Filter Settings > Bad header destiny is set to reject. The server-wide policy option under Warden > Settings > Content Filter > Policy Settings > Receive bad header emails determines delivery behavior: Yes (Default): Allows emails with invalid headers to pass through to the recipient's mailbox. Amavis retains a quarantined copy for administrative review and automatically purges it after 30 days. No: Blocks delivery of emails containing bad headers, preventing them from reaching the user's mailbox. Disable All Bad Header Tests (Global) To completely bypass header validation across the entire server, modify the Amavis configuration file and restart the service. Edit the appropriate configuration file based on your operating system: AlmaLinux/CloudLinux/RHEL: /etc/amavisd/warden.conf Debian/Ubuntu: /etc/amavis/conf.d/99-warden Locate the @bypass_header_checks_maps directive and update it as follows: Original configuration: @bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re); Updated configuration: @bypass_header_checks_maps = [1]; Restart the Amavis service to apply changes: // AlmaLinux/CloudLinux/RHEL systemctl restart amavisd // Debian/Ubuntu systemctl restart amavis Disable Bad Header Tests for a Specific Policy Bank To disable header validation exclusively for outgoing email within a specific policy bank: Navigate to Warden > Settings > Policy Banks. Select the target policy bank. Set Disable bad header filter to Yes. Save the configuration changes. Disable Specific Bad Header Tests You can selectively disable individual header validation rules by modifying the $allowed_header_tests variable. Setting a test value to 0 disables that specific check. Available header tests: other: Catchall for unclassified checks (typically unused) mime: Invalid MIME headers or malformed MIME structure 8bit: Unencoded 8-bit characters in headers control: Invalid control characters (CR or NUL) empty: Folded header fields containing only whitespace long: Header lines exceeding the RFC 2822 limit of 998 characters syntax: Header field syntax errors or missing required fields multiple: Duplicate or repeated header fields To disable specific tests, edit the same configuration files listed above and append the desired rules to the $allowed_header_tests block. For example, to disable duplicate headers and missing required fields: $allowed_header_tests{'multiple'} = 0; $allowed_header_tests{'missing'} = 0; Restart the Amavis service after modifying the configuration: // AlmaLinux/CloudLinux/RHEL systemctl restart amavisd // Debian/Ubuntu systemctl restart amavis Troubleshooting and Verification Configuration not applying: Verify that the Amavis service has fully restarted. Check for syntax errors in the configuration files by running a config validation test. Emails still being rejected after disabling tests: Ensure no conflicting rules exist in other policy banks, global content filter settings, or external spam filtering layers.
View Full Article...

Overview This article provides instructions for accessing detailed spam analysis reports, reviewing matched filtering rules, and interpreting scoring metrics within the message and filter logs. These features support email security monitoring and system performance optimization. Accessing Spam Reports To view a comprehensive breakdown of matched spam filtering rules for a specific message: Navigate to the Message Log. Locate the target entry and click the magnifying glass icon adjacent to it. Select the Spam Report tab to display the detailed rule analysis. Viewing Rule Breakdowns and Scan Times You can also review matched rules and message processing durations directly within the filter logs: Open the Filter Log tab. Locate the target log entry and examine the Tests: line to view all evaluated rules and their corresponding scores. Review the final value in each log entry (measured in milliseconds) to identify message scan times. This metric is essential for diagnosing performance bottlenecks during email processing. Example Log Entry Passed SPAMMY {AcceptedInbound} AM.PDP-SOCK [167.89.95.154] [167.89.95.154] /AM.PDP <bounces+3190231-9d63-mel.t=example.ca@email.marketing.example.com> -> <mel.t@test.com> (167.89.95.154) Queue-ID: 8B6A6405AC174 Message-ID: <WVQF-ccBSEW7qvSZeUwJ6A@geopod-ismtpd-0> mail_id: On8b6VlSO_BP b: jilxoWz0u Hits: 9.667 size: 17080 Subject: "Wow you got 2 clicks – see who! (raw: Wow you got 2 clicks =?UTF-8?B?4oCT?= see who!)" From: <membersuccess@example.com> helo=o5.sg.marketing.example.com Tests: [BAYES_00=-1.9,DCC_CHECK=2,DCC_REPUT_13_19=-0.1,DKIMWL_WL_HIGH=-0.687,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,KAM_BODY_URIBL_PCCC=9,KAM_FROM_URIBL_PCCC=9,RCVD_IN_MSPIKE_H2=-0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,TXREP=-7.638,T_SCC_BODY_TEXT_LINE=-0.01,URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no autolearnscore=19.205 languages=en relaycountry=US asn=AS11377_167.89.64.0/19 dkim_i=@marketing.example.com dkim_sd=s1:marketing.example.com 3125 ms Understanding Rule Scoring The Tests: line displays individual rule evaluations that contribute to the final spam classification: Negative Scores: Indicate rules that classify the message as legitimate (HAM). These values reduce the overall spam score. Positive Scores: Indicate rules that flag characteristics associated with unsolicited mail (SPAM). These values increase the overall spam score. If the cumulative positive score exceeds the configured policy threshold, the message is classified as SPAM and handled according to system policies. Example Tests Line Tests: [BAYES_00=-1.9,DCC_CHECK=2,DCC_REPUT_13_19=-0.1,DKIMWL_WL_HIGH=-0.687,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,KAM_BODY_URIBL_PCCC=9,KAM_FROM_URIBL_PCCC=9,RCVD_IN_MSPIKE_H2=-0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,TXREP=-7.638,T_SCC_BODY_TEXT_LINE=-0.01,URIBL_BLOCKED=0.001] Troubleshooting and Performance Debugging Elevated Scan Times: If message processing durations consistently exceed acceptable thresholds, review the number of active filtering rules or external DNS lookups contributing to latency. Misclassified Messages: Analyze individual rule scores within the Tests: line to identify which specific checks are driving the classification. Adjust policy thresholds or update whitelist/blacklist configurations as required.
View Full Article...

View All...


Installation Instructions

Learn how to install the product.

Getting Started

Learn how to configure the product.

Troubleshooting

Having problems? Learn how to diagnose and debug issues.

Knowledgebase

Self help questions and answers for product support, including pre-sales questions.


We provide free installation and configuration for all our paid licenses. Open a support ticket if you would like a support technician to install the extension for you. You must be root in order to run the command line installer. The installer must pass all validation tests (memory tests, repository tests) otherwise the installer will exit and not run. To Install/Upgrade Warden Anti-spam and Virus Protection Administrators can install/upgrade Warden using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/warden.zip If installing for the first time you can login to Plesk and click the newly installed Warden Anti-spam and Virus Protection button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log To Install/Upgrade Juggernaut Firewall Administrators can install/upgrade Juggernaut using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/juggernaut.zip If installing for the first time you can login to Plesk and click the newly installed Juggernaut Firewall button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log To Install/Upgrade Sentinel Anti-malware Administrators can install/upgrade Sentinel using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/sentinel.zip If installing for the first time you can login to Plesk and click the newly installed Sentinel Anti-malware button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log
View Full Article...

Overview ConfigServer Security & Firewall (CSF) operates using the iptables interface. When upgrading to Debian 11, Ubuntu 20.04 LTS, or Ubuntu 22.04 LTS, the operating system defaults to nftables. To maintain CSF compatibility, you must configure the system to use iptables-nft, which acts as a bridge to the underlying nftables kernel API and infrastructure. Prerequisites Root or sudo access to the server Apt package manager available Verify Current iptables Variant Modern Linux distributions provide two variants of the iptables command: nf_tables (iptables-nft): Recommended. Provides a compatibility layer for nftables. legacy (iptables-legacy): Deprecated and not recommended for newer kernels. Confirm which variant is currently active by checking the iptables version. The output will indicate (nf_tables) if the recommended bridge is in use: # iptables -V iptables v1.8.4 (nf_tables) Configure System Alternatives If the system is not using iptables-nft, configure the alternatives manager to switch variants: Execute the following command to view available options: # update-alternatives --config iptables There are 2 choices for the alternative iptables (providing /usr/sbin/iptables). Selection Path Priority Status ------------------------------------------------------------ * 0 /usr/sbin/iptables-nft 20 auto mode 1 /usr/sbin/iptables-legacy 10 manual mode 2 /usr/sbin/iptables-nft 20 manual mode Press <enter> to keep the current choice[*], or type selection number: Select option 2 (or the corresponding number for /usr/sbin/iptables-nft) and press Enter. Update Symbolic Links Re-link the symbolic links to ensure all iptables utilities point to the correct alternatives directory: ln -s /etc/alternatives/iptables /sbin/iptables 2>/dev/null ln -s /etc/alternatives/iptables-save /sbin/iptables-save 2>/dev/null ln -s /etc/alternatives/iptables-restore /sbin/iptables-restore 2>/dev/null ln -s /etc/alternatives/ip6tables /sbin/ip6tables 2>/dev/null ln -s /etc/alternatives/ip6tables-save /sbin/ip6tables-save 2>/dev/null ln -s /etc/alternatives/ip6tables-restore /sbin/ip6tables-restore 2>/dev/null Apply Configuration in Juggernaut Firewall Finalize the configuration within the control panel: Navigate to Juggernaut Firewall > Settings > Binary Settings. Click the default button at the bottom of the page to apply the correct iptables binary paths. Troubleshooting If CSF fails to start or reports missing binaries after completing these steps: Verify that iptables-nft is active by running # iptables -V. The output must include (nf_tables). Ensure the symbolic links were created successfully without errors. Restart the CSF service after applying changes in Juggernaut Firewall to load the updated binary paths.
View Full Article...

Overview This article provides instructions for obtaining a free MaxMind license key and configuring it within the panel application to enable geolocation services. Prerequisites Administrative access to the control panel Configuration Steps Create an account and register for a free license key at MaxMind Geolite2 Signup. Generate your license key. When prompted with "Will this key be used for geoipupdate?", select No. Navigate to Extension > Settings > Panel Application > Geolocation Settings within the control panel interface. Enter the generated license key into the MaxMind license key field. Click the Update button to apply and save your configuration. Troubleshooting New Key Not Recognized: MaxMind requires up to 30 minutes to propagate and recognize a newly generated license key. If the system reports an invalid or unrecognized key immediately after configuration, wait the recommended period before attempting validation again.
View Full Article...

Overview This guide details the procedures for integrating AbuseIPDB into your environment to perform IP reputation checks, report malicious activity, and configure automated blocklists using the Juggernaut Firewall extension. Prerequisites An active AbuseIPDB account A valid AbuseIPDB API key Juggernaut Firewall extension (required for Block Reporting and Login Failure Daemon features) Configure AbuseIPDB API Integration Create a free account at the AbuseIPDB Registration page. The free tier supports up to 1,000 checks per day. Generate your API key via the API Management Portal. Navigate to Settings -> Network Tools Settings -> Reputation Settings. Paste your API key into the AbuseIPDB API key field. (Optional) Select the Block Reporting checkbox to enable automatic reporting of failed trigger blocks via the login failure daemon. This feature requires the Juggernaut Firewall extension. Click Update to apply the configuration. Check IP Reputation To verify the reputation status of an IP address: Select the target IP address from your interface. Click Reputation to initiate a lookup against the AbuseIPDB database. Report an IP Address To submit a malicious IP address to AbuseIPDB: Select the target IP address. Choose Report from the operation dropdown menu. Select the applicable abuse categories that describe the activity. Submit the report. Remove a Reported IP Address To retract a previously submitted report: Select the target IP address. Choose Clear from the operation dropdown menu. Note: The API limits clear operations to 10 per day. For additional removals, refer to the official documentation: Removing Reported IP Addresses. Enable Block Reporting When Block Reporting is enabled, the login failure daemon automatically submits failed trigger blocks to AbuseIPDB. This functionality requires the Juggernaut Firewall extension. Configure AbuseIPDB Blocklist Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> IP Block Lists. Click the edit icon adjacent to the AbuseIPDB block list entry. In the source URL field, replace YOUR_API_KEY with your actual API key. Select the Enabled checkbox and click Submit to save the configuration. Click the Restart button on the grid to apply changes. This triggers the login failure daemon to download the updated blocklist. // Default Source URL https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=YOUR_API_KEY // Replace YOUR_API_KEY with the API key that you generate https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f Verify Blocklist Download & Logs Monitor the blocklist download process via Logs -> LDF log. Successful downloads will display IPSET switching and loading entries: 2022-01-19 01:28:53 PM 5105 IPSET: switching set new_6_ABUSEIPDB to bl_6_ABUSEIPDB 2022-01-19 01:28:53 PM 5105 IPSET: loading set new_6_ABUSEIPDB with 99 entries 2022-01-19 01:28:52 PM 5105 IPSET: switching set new_ABUSEIPDB to bl_ABUSEIPDB 2022-01-19 01:28:52 PM 5105 IPSET: loading set new_ABUSEIPDB with 46914 entries Blocklist entries are stored in the /var/lib/csf/ directory. CSF automatically optimizes downloaded blocklists by deduplicating IP addresses that already exist in other active lists. To verify the entry count via command line: # wc -l /var/lib/csf/csf.block.ABUSEIPDB 74140 /var/lib/csf/csf.block.ABUSEIPDB Free vs. Paid Plan Configuration The free plan restricts blocklists to a maximum of 10,000 IP addresses. Paid subscribers can increase the volume by adjusting the limit and confidenceMinimum parameters in the source URL. Important: Before increasing the limit, update the Juggernaut Firewall configuration to prevent ipset capacity errors: Navigate to Juggernaut Firewall -> Settings -> General Settings. Increase the Ipset maxelem value to exceed your target limit (e.g., 100,000). // Paid source URL example with limit set to 100,000 IP addresses and a confidenceMinimum set to 75 https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=100000&confidenceMinimum=75&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f To determine the optimal confidence threshold for your use case, review the IP distribution graph available at the AbuseIPDB Blacklist Dashboard. Troubleshooting Blocklist fails to load: Verify that the Ipset maxelem value in Juggernaut Firewall General Settings exceeds the total number of IPs defined by your API limit. Duplicate IP warnings: CSF automatically deduplicates entries across blocklists. This is expected behavior and does not indicate an error. Clear operation limit reached: The AbuseIPDB API restricts report removals to 10 per day. Exceeding this requires manual intervention via the AbuseIPDB web portal.
View Full Article...

Overview This article provides step-by-step instructions for removing or clearing reported IP addresses. Administrators can manage IP reputation data directly through the Extension Interface, while registered users may utilize the AbuseIPDB website to remove reports or submit formal take-down requests. Prerequisites Administrative access to the extension interface (required for Method 1) A valid, registered account on the AbuseIPDB platform (required for Methods 2 and 3) Method 1: Clear an IP Address via the Extension Interface To clear a reported IP address using the extension interface, follow these steps: Navigate to any grid page within the interface. Click on the target IP address you wish to modify. Select the Reputation tab from the available options. Choose the Clear operation to remove the reported status. Method 2: Remove Reports via the AbuseIPDB Website Registered users can manage and remove their submitted reports directly through the AbuseIPDB user control panel. Log in to your AbuseIPDB account. Navigate to the Reports section. Select the specific report you wish to remove and confirm the deletion. Method 3: Submit a Take Down Request All registered users can utilize the take-down request feature available on individual IP address pages. This option allows you to formally request the removal of an IP report. Navigate to the specific page for the reported IP address. Locate the take-down request interface provided on the page. Complete and submit the required information to initiate the review process.
View Full Article...

Overview The ModSecurity audit log captures detailed transaction data for security analysis, compliance auditing, and incident response. Administrators can control which transactions are recorded, what specific data is included in each entry, and how long records are retained using dedicated configuration directives within the firewall interface. Audit Logging Directives The following directives determine the scope and content of ModSecurity audit logging: SecAuditEngine
Configures the behavior of the audit logging engine. Available values include: On: Logs all transactions by default. Off: Disables transaction logging by default. RelevantOnly: Logs only transactions that trigger a warning or error, or return an HTTP status code defined as relevant via SecAuditLogRelevantStatus. SecAuditLogRelevantStatus
Defines which HTTP response status codes are considered relevant for audit logging when the engine is set to RelevantOnly. This parameter accepts a regular expression. SecAuditLogParts
Specifies which sections of transaction data are included in the log. The default value is ABCFHZ. Available parts include: A: Audit log header (mandatory). B: Request headers. C: Request body (logged only if present and ModSecurity is configured to intercept it). D: Reserved for intermediary response headers (not implemented). E: Intermediary response body (logged only if ModSecurity intercepts response bodies). Note: This differs from the final response body if ModSecurity modifies the output. F: Final response headers (excludes Date and Server headers, which are appended by Apache during content delivery). G: Reserved for the actual response body (not implemented). H: Audit log trailer. I: Replacement for part C. Logs identical data to C, except for multipart/form-data requests, where it logs a sanitized application/x-www-form-urlencoded representation containing parameter names but excluding file contents. Recommended for reducing audit log storage consumption. J: Reserved for uploaded file information using multipart/form-data encoding (not implemented). Z: Final boundary marker indicating the end of the entry (mandatory). Configuration Example To configure ModSecurity to log only 5XX and 4XX status codes while optimizing storage by excluding large file uploads, apply the following custom directives: Navigate to Tools & Settings -> Web Application Firewall (ModSecurity) -> Settings. In the Custom directives textarea, enter the following configuration: SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4)" SecAuditLogParts ABIFHZ SecAuditLogType Concurrent SecAuditLogStorageDir /var/log/modsecurity/audit Data Retention Settings To manage disk space and comply with data retention policies, administrators can configure how long audit log records are stored: Navigate to Juggernaut Firewall -> Settings -> Database Maintenance. Select the Maintenance Settings tab. Locate the Delete modsecurity logs after field and specify the desired retention period in days. Troubleshooting & Common Issues Empty Audit Logs: Verify that SecAuditEngine is set to On or RelevantOnly. If using RelevantOnly, confirm that the regular expression in SecAuditLogRelevantStatus correctly matches the expected HTTP status codes. Excessive Log Volume: Replace part C with part I in SecAuditLogParts to exclude large file uploads from the audit log. Additionally, adjust the data retention period to automatically purge older records. Missing Response Data: Ensure that ModSecurity is explicitly configured to intercept response bodies if parts E or F are required in your logging strategy.
View Full Article...

Overview This article provides instructions for managing the Juggernaut Firewall state directly from the command line interface (CLI). Use these procedures to temporarily disable or re-enable firewall protection as required by your operational workflow. Prerequisites Root or sudo access to the target server Juggernaut Firewall (csf) installed and configured Disabling and Enabling the Firewall Execute the following commands in your terminal to modify the firewall status: To disable the firewall: csf -x To re-enable the firewall: csf -e Viewing Available Commands To retrieve a complete list of command-line options, flags, and usage syntax, execute the following: csf --help Troubleshooting & Common Issues Command not found: Verify that Juggernaut Firewall is properly installed and that the executable directory is included in your system's PATH environment variable. Permission denied: Ensure you are executing commands with elevated privileges. Prefix commands with sudo or switch to a root shell if necessary. Firewall fails to restart: Check the csf configuration files for syntax errors and review system logs for dependency conflicts before re-running the enable command.
View Full Article...

Yes we support blocking attacks like these very easily. See below for more information: How can I enable a custom login failure trigger for an application? https://www.danami.com/clients/knowledgebase/174/How-can-I-enable-a-custom-login-failure-trigger-for-an-application.html Login Failure Custom Triggers https://docs.danami.com/juggernaut/user-guide/login-failure-custom-triggers  
View Full Article...

View All...


Installation Instructions

Learn how to install the product.

Getting Started

Learn how to configure the product.

Troubleshooting

Having problems? Learn how to diagnose and debug issues.

Knowledgebase

Self help questions and answers for product support, including pre-sales questions.


We provide free installation and configuration for all our paid licenses. Open a support ticket if you would like a support technician to install the extension for you. You must be root in order to run the command line installer. The installer must pass all validation tests (memory tests, repository tests) otherwise the installer will exit and not run. To Install/Upgrade Warden Anti-spam and Virus Protection Administrators can install/upgrade Warden using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/warden.zip If installing for the first time you can login to Plesk and click the newly installed Warden Anti-spam and Virus Protection button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log To Install/Upgrade Juggernaut Firewall Administrators can install/upgrade Juggernaut using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/juggernaut.zip If installing for the first time you can login to Plesk and click the newly installed Juggernaut Firewall button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log To Install/Upgrade Sentinel Anti-malware Administrators can install/upgrade Sentinel using the command below: plesk bin extension --install-url https://www.danami.com/clients/downloads/sentinel.zip If installing for the first time you can login to Plesk and click the newly installed Sentinel Anti-malware button on the left hand side of the navigation. You will be prompted to enter in your license key and start the setup wizard. You must go though the entire wizard in order to disable it. When running the configuration wizard for the first time it is important to apply the recommended settings for each page to apply the Plesk optimized settings for that section. You can view the installation progress using the command: tail -f /var/log/plesk/panel.log
View Full Article...

Overview This article provides instructions for obtaining a free MaxMind license key and configuring it within the panel application to enable geolocation services. Prerequisites Administrative access to the control panel Configuration Steps Create an account and register for a free license key at MaxMind Geolite2 Signup. Generate your license key. When prompted with "Will this key be used for geoipupdate?", select No. Navigate to Extension > Settings > Panel Application > Geolocation Settings within the control panel interface. Enter the generated license key into the MaxMind license key field. Click the Update button to apply and save your configuration. Troubleshooting New Key Not Recognized: MaxMind requires up to 30 minutes to propagate and recognize a newly generated license key. If the system reports an invalid or unrecognized key immediately after configuration, wait the recommended period before attempting validation again.
View Full Article...

Overview This article provides step-by-step instructions for initiating malware scans, reviewing scan results, and managing detected threats using Sentinel Anti-malware. Running a Malware Scan Navigate to Sentinel Anti-malware > Scan. Select the specific domains you wish to scan, or choose All domains to include every domain in your account. Click the Scan button to initiate the process. Once the scan completes, locate the generated report under the Reports tab. Viewing Scan Reports Navigate to Sentinel Anti-malware > Reports. In the results grid, click the desired Scan ID to open the detailed report. Review any identified threats listed under the Malware Hits section. Managing Detected Threats Open the relevant scan report and select the Actions tab. Select a remediation operation from the dropdown menu: Quarantine, Restore, Clean, or Email. Click the Run button to execute the selected action.
View Full Article...

Overview Sentinel Anti-malware provides an automatic quarantine feature that isolates detected viruses and malware immediately upon identification. This guide outlines the steps to enable automated threat isolation within your environment. Prerequisites Administrative access to the Sentinel Anti-malware control panel. Note: Before enabling automatic quarantine, it is strongly recommended to perform a full scan of all domains with quarantine disabled. This allows you to identify and resolve any potential false positives before automated isolation is active. Procedure: Enabling Automatic Quarantine Navigate to Sentinel Anti-malware -> Settings -> Quarantine Settings. Select the Quarantine hits checkbox. Click Update to save your configuration changes. Click Restart to reload the real-time monitoring service with the new settings.
View Full Article...

Overview This article provides instructions on how to change the interface language within the application configuration. Procedure Navigate to Settings. Select Application Settings. Locate the Locale option and select the desired language from the available list.
View Full Article...

Overview The Performance Booster utility enables administrators to optimize MariaDB configuration parameters for improved database throughput and stability. This article provides step-by-step instructions for reviewing and applying system-recommended optimizations. Prerequisites Administrative access to the management interface. A fully operational MariaDB instance registered within the control panel. Current backup of database configuration files (recommended before applying changes). Procedure Navigate to Tools and Settings -> General Settings -> Performance Booster. Select the Serverwide tab, then choose Database Server. Click show values to be optimized to generate a list of recommended configuration adjustments based on current server metrics. Carefully review the proposed parameter changes to ensure they align with your workload requirements and available system resources. Once verified, click Apply to implement the optimizations. The database service may restart automatically to load the new configuration. Troubleshooting If the optimization process fails or returns an error, verify that the MariaDB service is running and that your user account has write permissions to the database configuration directory. Monitor query response times and connection pool metrics after applying changes. If performance degrades or services become unresponsive, restore the previous configuration backup and adjust parameters manually in increments. Ensure server memory and CPU allocation meet MariaDB's baseline requirements before enabling aggressive optimization profiles.
View Full Article...

Overview Sentinel supports the integration of third-party anti-virus signature providers to enhance ClamAV detection rates. This procedure outlines how to enable and configure additional signature sources within the Sentinel management console. For comprehensive documentation, refer to the official guide: Signature Providers Documentation. Prerequisites Administrative access to the Sentinel interface. Active network connectivity to external signature repositories. Procedure Navigate to Sentinel Anti-malware > Settings > Anti-virus Settings > Signature Providers. Locate and enable the Interserver signature provider. Click the Update button, followed by the Restart button to restart the anti-virus signature service. Verification & Monitoring Monitor the signature download and loading process using the following methods: View real-time progress under Sentinel Anti-malware > Logs > Signature log. Confirm that new signatures are successfully downloaded to the /var/lib/clamav/ directory. Configuration Notes New signatures are automatically loaded into ClamAV within one hour of download. To force an immediate reload, use either of the following methods: Click the Signature reload button on the Sentinel dashboard. Execute the following command via terminal: clamdscan --reload Troubleshooting & Best Practices False Positive Management: When initially enabling third-party signature providers, disable automatic quarantine to prevent false positives. Navigate to Quarantine Settings > Quarantine hits and adjust the configuration accordingly. Review quarantined items manually before re-enabling automated actions.
View Full Article...

Overview This article outlines the procedure for reporting malware that bypasses ClamAV detection and provides guidance on configuring third-party signatures to improve overall detection rates. Reporting Undetected Malware If you identify a virus or malware sample that is not currently detected by ClamAV, submit the file for analysis through the official reporting portal: ClamAV Malware Submission Portal The ClamAV Detection Content Team will evaluate your submission. Upon approval, a new signature will be published to the virus database, enabling detection across all supported environments. Improving Detection Rates with Third-Party Signatures To enhance malware identification capabilities, enable third-party signatures within your configured security modules. Follow the procedures below based on your active service: Warden Anti-spam and Virus Protection: Refer to Enabling Third-Party Anti-Virus Signatures in Warden for step-by-step configuration instructions. Sentinel Anti-malware: Refer to Enabling Third-Party Anti-Virus Signatures in Sentinel for step-by-step configuration instructions. Troubleshooting & Common Issues If third-party signatures fail to activate or detection rates remain unchanged after enabling the feature, verify the following: Confirm that your service subscription includes access to external signature repositories. Ensure the security daemon has been restarted to apply configuration changes immediately. Validate that submitted malware samples are unmodified and match the original threat file exactly.
View Full Article...

View All...