Recent content by Igor Smitran

Hi guys. In case you are still using Plesk 10 then you are aware of lack of "Clone Service Plans" option that forces one to create Service Plans on new server from scratch. In case someon needs it i have create MySQL procedure that will clone Service Plans and help automate migration. You can...

I am trying to migrate site to another server where Plesk 12 is installed. It is CentOS 7 based server. Migration script doesn't sync and exits with errors: Mail sync error: Can not deploy mail content ****** rsync execution error: Syntax or usage error (1). Stderr is...

I am sorry @RaymondFH, who are you again? I didn't see you in this thread until now... Where were you when we talked about security here?

And what exactly was i trying to do in this entire thread? I've opened it, nothing happened, i've gave example of exploit (PM), i've asked what's next. Didn't receive any answear. I even offered my free help. If that is not enough then yes, i am contra-productive, terrorizing Plesk guys and...

As far as i can see noone in Plesk is interested in this. So, bottom line: 1. We know that our setup is not secure 2. We don't mind, because if we make it secure we lose compatibility 3. We won't answear to any questions regarding that Thank you Plesk guys, you just made my life a lot easier...

So, what's it gonna be? 1. Plesk developers will not chroot apache server? 2. Plesk developers will chroot apache?

It doesn't matter if it has to be done. Security shouldn't be compromised in order to have better compatibility. I've offered my help, offer still stands.

@IgorG, you saw this post as everyone else. From this post it's easy to conclude that Faris is working with Plesk developers. You didn't react on this... Ask Faris to forward my PM to you.

1. I have sent exploit example to Faris. 2. I have sent a howto for apache chroot to Faris 3. I have offered my help in implementing this feature to Plesk. We are talking about serious security improvement of Plesk interface and all i get is "Most voted requests have a highest priority". You...

Read the NEWS file please: - Improved and cleaned CGI code: . FastCGI is now always enabled and cannot be disabled. See sapi/cgi/CHANGES for more details. (Dmitry) . Added CGI SAPI -T option which can be used to measure execution time of script repeated several times. (Dmitry)

I don't think Plesk developers want my help on this...

i've sent PM to Faris. Waiting for his response.

Is there anyone in Plesk development team able to answear to my question??? Why is this question ignored? How many servers needs to be compromised in order to implement this feature? I've offered my help, is there anything else i should do???

No, it doesn't. Not secure enough anyway. Plesk developers decided to use open_basedir as a security precaution. That doesn't include perl scripts. Also, open_basedir is easily broken giving attacker access to entire file system. Best possible way of securing apache is making it run in a chroot...

Does anyone here understand what i am talking about? Is this even going to be suggested to developers to look at? Any comment would be appreciated...