Recent content by TSCADFX

Most likely because they haven't updated OpenSSL. The issue is not a Plesk issue as IgorG points out. It's an issue with OpenSSL.

Hate to ask, but is it enabled/installed? Tools & Settings > Updates and Upgrades > Add/Remove Components > Plesk webmails support > Roundcube webmail support

You also need to run: service sw-cp-server restart We have a documented upgrade proceedure on our website for those looking to protect Plesk: How to Update Plesk for the Heartbleed Bug

I've voted on that months ago. Even if it does become integrated into Plesk there's no telling if it will have full integration with the Panel login vs the services on the server. The filters and jails change according to the flavor of OS and on installed options, logging locations etc...

If there's a script that's causing this then identifying that script and stopping it would be top priority. There could have been a customer that had a very insecure password as well that allowed a bot to eventually gain access. I would suggest using something such as Fail2Ban in order to...

Well if you are using Nginx, which by the way is enabled by default under 11.5+, then you might want to refer to the link that I posted as it's a known issue. The certificates aren't being sent with the CA, which is what you are describing. The reason you got a 400 on the domain you listed is...

I guess what I'm trying to determine here is if you setup the certificate correctly in the panel. I have multiple Plesk installs and all of them have SSL certificates securing the panels. I haven't seen this issue and I attempted to re-create the issue on a demo box we have and it installed...

Ok sorry, Let's try this then. nano /usr/local/psa/admin/conf/httpsd.pem make sure that your certificate looks like this -----BEGIN RSA PRIVATE KEY----- (Your Private Key: your_domain_name.key) -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- (Your Primary SSL...

I think this is a duplicate of: http://forum.parallels.com/showthread.php?289546-NGINX-SSL-needs-to-be-fixed

Michele, What version and OS are you using? That version of iptables is from 2006. Are you attempting to track connections of netbios sessions? Seems odd that the module is enabled. If this is something that you didn't intend I would disable it my changing it to: IPTABLES_MODULES="" The...

Michele, Is this a virtual machine in a Virtuozzo container? If it is make sure that the firewall in the VZ Control Panel is disabled. Enabling them both will cause neither of them to work. We noticed that this was happening on some of our clients VPS servers in the 11.0 series. If...

If anyone is looking to create a custom template in order to apply the changes to all domains on the account you can do so by visiting our blog post which has more detailed instruction on how to fix this. We also have many other suggestions for PCI compliance on Plesk if anyone is interested...

The reason his solution works is because it adds the trusted cert which is missing from the configuration. The problem with this approach is multifaceted. 1 - When, and if, Parallels decides to add the trusted cert to the config your server will fail to initialize nginx, which could be in the...

No it is not fixed yet and I haven't seen any official response from Parallels regarding it either. I wouldn't recommend this because it still doesn't resolve the PCI compliance issues. If you're going to install a certificate with server vulnerabilities then what's the point of having one...

Glad it worked for you! The only thing I can think of is the old webspace was upgraded through various versions of plesk and something got messed up along the way.