Getting Started

Configure the Extension Interface Language

Most of the non-english language files are currently machine translated. You can change the interface language under Settings -> Application Settings -> Locale. We are currently looking for translators to fix any of the errors in the translations. If you are a native speaker of the language and want to help out then open a support ticket though our client area. Volunteers will get a free license for every Plesk extension that they help translate.

Get a MaxMind License Key

Juggernaut uses the GeoLite2 databases from MaxMind. MaxMind requires that you signup to get a free license key from them in order to download and use their geolocation databases:

  1. Signup for the free license key here.
  2. Generate a license key here (When asked - Will this key be used for geoipupdate? Choose: no)
  3. Navigate to Juggernaut Firewall -> Settings -> Geolocation Settings and enter the license key under MaxMind license key. (It may take up to 15 minutes before MaxMind will recognize a newly created API key).

Get an AbuseIPDB License Key

Juggernaut uses the AbuseIPDB API for IP address abuse checks and reporting. AbuseIPDB requires that you signup to get a free license key from them if you want to be able to check and report IP addresses for abuse.

  1. Signup for the free API key here. The free API key is good for up to 1000 checks per day.
  2. Generate an API key here
  3. Navigate to Juggernaut Firewall -> Settings -> Network Tools Settings and enter the license key under Reputation Settings -> AbuseIPDB API key.
  4. After you are sure your login failure triggers do not have any false positives it is recommended to enable "Block Reporting" so that your server will report login failure blocks to AbuseIPDB automatically.

Whitelist Your Own IP Address and Remote Backup Server

Make sure to add any IP addresses or networks that should be allowed though the firewall (like a remote FTP backup server) or IP addresses that should never to be blocked by the login failure daemon. This will prevent you from actually getting blocked out of your server.

To Allow an IP address though the firewall:

  1. Navigate to Juggernaut Firewall -> Allow -> Allow Permanently.
  2. Click the Add button to add your IP address, CIDR, or advanced filter.

To Allow a hostname though the firewall:

  1. Navigate to Juggernaut Firewall -> Allow -> Allow DynDNS.
  2. Click the Add button to add your fully qualified domain name.
  3. Check the Submit button to submit the form.
  4. Click the Restart button to restart the login failure daemon.

To Allow your server to send FTP backups out to your remote FTP backup server:

  1. Navigate to Juggernaut Firewall -> Allow -> Allow DynDNS.
  2. Click the Add button to add your record allowing your server to connect out to your FTP backup server. e.g. tcp|out|d=30000_65535|d=remote.example.com
  3. Check the Submit button to submit the form.
  4. Click the Restart button to restart the login failure daemon.

To tell the login failure daemon to ignore an IP address (never block):

  1. Navigate to Juggernaut Firewall -> Ignore -> Ignore Permanently.
  2. Click the Add button to add your IP address, CIDR, or advanced filter. (the login failure daemon will show a warning as it can't start if the firewall is running in "testing mode".)

To tell the login failure daemon to ignore a dynamic IP address (never block):

  1. Sign up to a free dynamic DNS service (most home routers support this directly though the router). eg: http://www.noip.com/remote-access.
  2. Navigate to Juggernaut Firewall -> Settings -> Ignore rDNS.
  3. Click the Add button to add your fully qualified domain name.
  4. Check the Submit button to submit the form.
  5. Click the Restart button to restart the login failure daemon.

Configure Blocklists

We recommend enabling the following blocklists: ABUSEIPDB, BDEALL, DSHIELD, INTERSERVER_ALL, MAXMIND, SPAMDROP, STOPFORUMSPAM, TOR. See here for more information.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> IP Block Lists.
  2. Select a blocklist that you want to enable. Click the Edit button.
  3. Check the Enabled checkbox then submit the form.
  4. Click the Restart button to restart the firewall and login failure daemon.

AbuseIPDB Blocklist
The AbuseIPDB blocklist requires that you sign up to their website for a free API key then replace YOUR_API_KEY with it in the source URL. See here for more information.

Configure Tracking Settings

We recommend enabling at minimum the following tracking settings: Distributed Attack Tracking, Connection Tracking, Port Scan Tracking

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Tracking Settings.
  2. To enable Distributed Attack Tracking check the Distributed attack tracking checkbox then press Update.
  3. To enable Connection Tracking enter in 500 in the Connection tracking limit field then press Update.
  4. To enable Port Scan Tracking enter in a 60 in the Port scan tracking interval field then press Update.
  5. Click the Restart button to restart the firewall and login failure daemon.

Configure Country Settings

If you have a large number of domains on the server when we recommend that you tell the login failure daemon to "ignore" your home country and the countries of your clients so you don't accidently block your own clients.

To deny a country on the firewall:

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Country Settings.
  2. Add some countries to Deny countries to all ports
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

To tell the login failure daemon to ignore a country (never block):

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Country Settings.
  2. Add some countries to LFD blocking ignore countries
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

Enable the Messenger Service

• We recommend enabling at the messenger serivice so that your users will know that they are getting blocked by the firewall. You can tell them to contact you with their IP address or even enable the messenger reCAPTCHA option so that they can unblock themselves by entering in a CAPTCHA.
• When configuring a new Google reCAPTCHA API key set, you must use the reCAPTCHA v2 type. Enter the full hostname of the server as the domain name. After creating the API key go to settings and make sure the option for Verify the origin of reCAPTCHA solutions is unchecked for the key so that the same reCAPTCHA can be used for all domains hosted on the server.

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service.
  2. Check the Messenger service checkbox to enable the messenger service.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.
  5. You can optionally customize the message displayed by editing the messenger templates under Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service -> Messenter Templates.