Search results

Hi guys. In case you are still using Plesk 10 then you are aware of lack of "Clone Service Plans" option that forces one to create Service Plans on new server from scratch. In case someon needs it i have create MySQL procedure that will clone Service Plans and help automate migration. You can...

I am trying to migrate site to another server where Plesk 12 is installed. It is CentOS 7 based server. Migration script doesn't sync and exits with errors: Mail sync error: Can not deploy mail content ****** rsync execution error: Syntax or usage error (1). Stderr is...

I am sorry @RaymondFH, who are you again? I didn't see you in this thread until now... Where were you when we talked about security here?

And what exactly was i trying to do in this entire thread? I've opened it, nothing happened, i've gave example of exploit (PM), i've asked what's next. Didn't receive any answear. I even offered my free help. If that is not enough then yes, i am contra-productive, terrorizing Plesk guys and...

As far as i can see noone in Plesk is interested in this. So, bottom line: 1. We know that our setup is not secure 2. We don't mind, because if we make it secure we lose compatibility 3. We won't answear to any questions regarding that Thank you Plesk guys, you just made my life a lot easier...

So, what's it gonna be? 1. Plesk developers will not chroot apache server? 2. Plesk developers will chroot apache?

It doesn't matter if it has to be done. Security shouldn't be compromised in order to have better compatibility. I've offered my help, offer still stands.

@IgorG, you saw this post as everyone else. From this post it's easy to conclude that Faris is working with Plesk developers. You didn't react on this... Ask Faris to forward my PM to you.

1. I have sent exploit example to Faris. 2. I have sent a howto for apache chroot to Faris 3. I have offered my help in implementing this feature to Plesk. We are talking about serious security improvement of Plesk interface and all i get is "Most voted requests have a highest priority". You...

Read the NEWS file please: - Improved and cleaned CGI code: . FastCGI is now always enabled and cannot be disabled. See sapi/cgi/CHANGES for more details. (Dmitry) . Added CGI SAPI -T option which can be used to measure execution time of script repeated several times. (Dmitry)

I don't think Plesk developers want my help on this...

i've sent PM to Faris. Waiting for his response.

Is there anyone in Plesk development team able to answear to my question??? Why is this question ignored? How many servers needs to be compromised in order to implement this feature? I've offered my help, is there anything else i should do???

No, it doesn't. Not secure enough anyway. Plesk developers decided to use open_basedir as a security precaution. That doesn't include perl scripts. Also, open_basedir is easily broken giving attacker access to entire file system. Best possible way of securing apache is making it run in a chroot...

Does anyone here understand what i am talking about? Is this even going to be suggested to developers to look at? Any comment would be appreciated...

httpd setup will not be secure until developers setup chrooted httpd process (per client). open_basedir is not safe enough. It is easily overriden and an attacker can easily have access to entire disk, including all other hosted sites. Also, open_basedir will not help when an attacker uses...

If you are talking about php.ini then you are wrong, php.ini location is inside PHPRC environment variable. Since every domain has different wrapper, php.ini location is here: export PHPRC=/var/www/vhosts/blabla.com/etc/ so, php.ini is inside user directory and you are able to setup...

How can one know if an event was triggered by an action started from web panel or an event was triggered by an action executed from command line? I am having trouble with one trigger. I am trying to forbid my users to rename their initial ftp accounts. Everything is ok in first trigger. But...

Disregard this thread, it was my mistake, i had some problems with accounts that were not deleted entirely from the system, giving me all kind of errors.

I have tried all i could think of but couldn't find a way to rename FTP account (username). Is there any way to rename existing FTP account. It is possible to do it in Plesk Panel web interface but i need to have this feature in command line. Thank you,