Recent content by SDGPete

We have Plesk Web Host Edition. We don't use it as a reseller or any of the reseller functions, we utilise the unlimited domains feature for the clients we manage (we're a web design company). Last year in November we paid £598.95 I've just received an email from Cleverbridge saying it'll...

Your browser may have cached redirects. Clear your internet files/history and try it. Also make sure you don't have an web.config/.htaccess left in the directory.

The .cer files were their entry points. They later get filled with scripts and codes that provide them with further access/functionality. From that point they can edit any file they want. You'll need to audit all of your files looking for foreign code (code that doesn't belong there). If you...

The solution is correcting the vulnerable code you're hosting, can't help you there as it could be anything so you'll need to do an audit. Until then the batch script I shared will remove the files. But that's just treating the symptom and not the cause.

@Peter Debik and @IgorG apologies for tagging, I know you're busy guys but it would be great to get your perspective on this please.

Looks a bit amateur and dated (with the rounded borders around icons), more of a step back than progression. The existing grey mini icons are much simpler and look more sleek. Will this look only apply to Customer Views? Will Server Administrator views remain the same? (I'm hoping they will...

@DataPacket you're welcome, hope it helps! These files were a bit of a surprise to me too, I thought at first it may have been from one of Plesk's processes or related to Let's Encrypt but then started seeing some of the .cer extensions change to ,aspx and .php and knew something wasn't right.

@Jean-LucP this has to be done within IIS and Request Filtering. Perform this on the main server/site. Once in Request Filtering, click on the Rules tab and a new Filtering Rule which scans the User-Agent within the headers and then deny strings such as MJ12bot, there are lots of other bots...

I've seen this, they're not corrupt .cer files, they're an indicator/evidence that your hosting has been compromised and hacked. You'll see random files that have reserved/forbidden names/extentions such as LPT1.***.cer, the contents of the .cer file will later be replaced with ASP. They use...

@Bricee glad you got it sorted!

Thanks for your input @scsa20 ! I guess another/the main question (to everyone) is if open_basedir was set to none, how easy would it be for someone to use PHP to explore outside of the subscription's root directory (i.e. inetpub/vhosts) and either navigate around directories belonging to other...

Would be great to get Plesk's input on this too please.

Hi @Bricee unfortunately I'm still not seeing a public SPF record for your domain, this furthers my thought that the DNS you've been editing is not the DNS for the domain. Your DNS nameservers for p2d.org.au are ns3.nameserver.net.au ns1.nameserver.net.au ns2.nameserver.net.au This looks (my...

Hi @Bricee I'm not sure it is working, the domain of the FROM email address (p2d.org.au) doesn't have an SPF record (Lookup - SPF-Record). This is likely to be blocked by GMail. Create a TXT record for the domain and add the following in your value field (including the quotes) "v=spf1 a mx...

Copy of MailEnable SMTP logs would be helpful