
Search results

  1. D

    Are Plesk users behind N.A.T. still vulnerable to DNS cache poisoning after patching?

    Greetings: Upon reading http://www.theregister.co.uk/2008/08/06/kaminsky_black_hat/ it appears those who use network address translation may be vulnerable to DNS cache poisoning even after patching their DNS servers. "another 15 per cent are still vulnerable to some extent because they use...
  2. D

    Possibly Hacked - High Traffic and Httpd

    Hi Ryan: Understood. Chances are high it is an application in an end user directory or other directory for which the web server can write rather than a root kit. Thank you.
  3. D

    Possibly Hacked - High Traffic and Httpd

    Greetings Ryan: Please note I did not carefully examine the output (our clients pay us to clean servers). What I would check is the various directories mentioned, run Clam Scan with the options provided, and check the process tree for suspicious files. It most likely is not a root kit...
  4. D

    Possibly Hacked - High Traffic and Httpd

    Greetings: While rootkit hunter, chkrootkit, and ossec rootcheck are good root kit detection tools, they typically only find root kits. In our experience, most of the attacks in the past several years center around web-based injection attacks. The code for such attacks can be in any...
  5. D

    Case sensitive urls?

    Greetings: No matter the hosting automation system, Unix always had case sensitive directory names. The machine name / domain name is case insensitive in any event, but directory and file names will be case sensitive in a Unix hosting environment. Thank you.
  6. D

    DNS fix?

    Greetings: See http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/ This vulnerability was reported approximately three years ago. If your servers are secured, and your DNS servers secured (which means you only transfer between your own name servers, and only recursive...
  7. D

    PCI Compliance - Hackersafe keeps finding problems

    Greetings: Thanks to God, this is our 13th year in business. From experience, all PCI Compliance scans I've ever seen are mostly wrong out of the box. The software they use, across the board, is incorrect, often times more than half of their reports are filled with false positives that...
  8. D

    udp attack

    Greetings: Please check the server for suspicious files in /tmp, /var/tmp, /dev/shm, /var/spool/samba, /var/spool/vbox, /var/spool/squid, and /var/spool/cron Please use "ls -lab" for checking directories as sometimes compromised servers will have hidden files that a regular "ls" will not...
  9. D

    We Are Hacked Again!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Greetings: When you do business on the Internet, it is critical to know some of the following facts: 1. All operating systems are insecure out of the box; do not assume any rented, leased, or purchased equipment have operating systems that have been hardened or otherwise secured. 2. All...
  10. D

    Getting hacked Plesk - Joomla

    Greetings: See http://dynamicnet.net/customer/h-sphere/security/make_tmp_its_own_partition.htm in relation to securing /tmp See http://dynamicnet.net/customer/h-sphere/security/secure_shared_memory.htm in relation to securing /dev/shm (shared memory). Please make sure your Joomla is up...
  11. D

    FrontPage Support Outrage !!

    Greetings: Agreed. Microsoft Corporation purchased FrontPage from Vermeer Technologies in the mid 1990’s, grew it to where it was among the top design tools in the world, and then dropped it for reasons only Microsoft knows. Every automation and control panel system vendor now faces...
  12. D

    Brute Force Attack?

    Greetings: Without SSH access it is hard to diagnose for both you and those trying to help you. I recommend calling them on the phone to find out the following: 1. What type of brute force? 2. What is causing the current load? 3. What is the current # of processes running...
  13. D

    Brute Force Attack?

    Greetings: Without more information, it could be any protocol – SSH, FTP, POP3, IMAP, etc. I do recommend you secure your server; and such security should include a level of brute force protection. Thank you.
  14. D

    Third party security applications

    Greetings: Bastille for Linux Logwatch LibSafe Tripwire Psad Lsm Psm Ossec chkrootkit rkhunter rootcheck from ossec (separate program) mod_security tcpwrappers SEC Thank you.
  15. D

    Qmail outgoing IP

    Greetings: 1. If you want the IP to be eth0:0 then put eth0:0's IP in /var/qmail/control/outgoingip and restart qmail. In your reply, you stated you have eth0:1 in the outgoing IP. 2. If you want additional help, I asked questions you avoided. Please consider reviewing the netstat...
  16. D

    After upgrade to 8.2.1 Qmail started working very slow

    Greetings Hugo: qmail can handle a lot more than other types of mail servers. That stated, please make sure incoming TCP 113 is rejected. Make sure your tcp session count for qmail is set appropriately; 100 to 200 is typical of most medium volume mail servers. Make sure your...
  17. D

    Remote mail issue

    Greetings: Does the error message of "Your account has been disabled." give any hints? Thank you.
  18. D

    Qmail outgoing IP

    Greetings: What is the output of netstat -lntpe | grep ":25" and netstat -anp | grep ":25" NOTE: If, for privacy purposes, you change the IP addresses listed which are yours, please do clearly designate which one is eth0:0, eth0:1, and so on. Also, if you leave the IP...
  19. D

    Problem to send a mail with Qmail

    Greetings: Good point. I would also add to make sure all servers allow UDP 53, name servers allow TCP/UDP 53. Please also make sure your mail server IP is set up with a reverse DNS through your data center. Thank you.
  20. D

    Qmail outgoing IP

    Greetings: Have you set up a /var/qmail/control/outgoingip file that contains the IP address you want qmail to use? If not, then create one (plain text, just one line with the IP address); and restart qmail. Thank you.