Recent content by ChristophRo

Debian 13 is not (yet) supported by Plesk, so you are completely out of luck. You can try do downgrade again or migrate all your webs to another server with Debian 12 or live with the current situation and wait till Debian 13 is supported.

It does not matter if you remove DIGEST-MD5 or CRAM-MD5 in retrospect, as some mail clients (Thunderbird is among them) do "detect" these server capabilities only when you setup an account. If the server does advertise MD5, Thunderbird will automatically use the encrypted password option until...

Given the circumstance that your server is compromised and the hacker has gained root access (otherwise they could not use the mail_auth_view utility anyway), what is stopping them from executing cat /etc/shadow and/or plesk db "select password from accounts" to see the hashed password of all...

I do agree on this one! Of course it will not work properly, the way Plesk rushed out this feature! As I already wrote on the 20th of August, if a mailserver does advertise any of the MD5 authentication methods, certain mail clients (Outlook ahoy!) will randomly fail when the password of the...

$2y$12$ is the hashing algorithm used, in this case bcrypt. It's the recommended method, to store the algorithm together with the password this way and I don't see why that would pose any security risk. "Security by (pseudo) Obscurity" is not a thing! and not doing it this way would only...

To get the full benefit of customers being able to see backups and restore from them, the Plesk built-in Backup Solution is the only way I know. According to the documentation, the Acronis Backup extension offers similar benefits - but of course, there is a price tag... It should be faster and...

hmm, using hashed passwords but still advertising DIGEST-MD5/CRAM-MD5 screams for disaster.... ...but so does disabling DIGEST-MD5/CRAM-MD5 on a server that is already "in use" by customers

You can change the Apache2 Port in the "ServiceNodeConfiguration" table of the "psa" database. After that you need to rebuild all webserver configuration files and should be good to go. (you can use the Configurations Troubleshooter extension for that) But just so I've mentioned it, this is...

The "Malware Scanner" is indeed enabled and usable in the free edition. In fact it's the only component that is available in the free edition and it gets installed on a Plesk server by default. While the "Malware Scanner" is somewhat limited in the free edition (like only one scan per month)...

We only used and use the Imunify "Malware Scanner" as it's very! helpful and nothing out there comes even close to the functionality and success rate of detecting malicious code on your websites. (we used ClamAV/Sophos virus scan routines, RKHunter and manual scripts before we had ImunifyAV and...

Why not (dist) upgrading to Debian 11? You still get PHP 7.4 there from Plesk. Or does your software run with the bundled PHP version that the Panel itself runs with?

A current Plesk server does use/support the exact same settings/configuration as 99.999% of all mail servers on this planet. Well, OK, quite a lot do not support the MD5 stuff anymore, but AUTH PLAIN/LOGIN works literally everywhere and so that is what should be used. (Apple Mail can/does not...

Authentication Method should be set to "Password" in Apple speak (translates to AUTH PLAIN in technical terms) for both incoming and outgoing mail server. "MD5 Challenge-Response" and "MD5 Digest" may work with most servers as well, but I recommend to not use that. The "SSL" option/toggle...

The only (negative) effect that the OCSP stapling option has and ever can have, is a warning message when reloading or restarting the nginx webserver. So yes, it may not be nice, but it will never break your system. Btw. for self-signed certificates you'll get the same warning, as these...

I've seen this error once on a server of ours as well... (but so far did not investigate it any further)