security

As I already posted a suggestion for Passkey, I want to make a short poll about it and want to advertise this suggestion as Passkey is the highest security method. https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/49052933-passkey-for-login

Hi Guys This evening WordPress Toolkit is reporting an issue with the WordPress NextGEN Gallery Plugin, I think this is a false positive. This vulnerability was reported in 2008, the version with the issue is 0.96 and 0.97 fixed it. For reference: WordPress NextGEN Gallery Plugin <= 0.96 - XSS...

Hi there, I need to secure the public IP address for the Plesk portal (requested by a client). I have purchased a specialist SSL certificate that can be used to secure IP addresses. The site I have running on the hosting has its own Lets Encrypt certificate on it. I have installed the new...

Hi everyone, As I review my Plesk logs, I am increasingly concerned about the security of my server. I have updated Plesk to the latest version, enabled MFA, and utilize a private key for SSH login. Additionally, I employ an external firewall and have ensured that services such as the database...

Hello, Currently setting up a server to be PCI compliant and after multiple configuration adjustments, I only have one thing left to correct to have certification. I have set the HTTP Security Headers on all ports but I am not finding the port 80 configuration. If I test the following, here...

I have an entry like this in the export: { "name": "Allow Incoming Database Connections", "direction": "input", "action": "allow", "ports": "3306/tcp", "from": "XX.XXX.XXX.XXX", "class": "custom", "type": "custom", "originalId"...

Hi, I just noticed that when I access the IP address of my server with Chrome, I am redirected to the page <ip-address>/login_up.php or <server_name>/login_up Is there a way to restrict this page by IP as is the case when using port 8443? The "Restricting Administrative Access" feature only...

I'm running various web apps on my domain and several sub domains. It seems that one of these apps (based on PHP) had a vulnerability that was exploited. As a consequence, not only the app of that particular (sub) domain was affected but the main domain and all other sub domains, too. Code was...

Hi There Is it possible to completely exclude an e-mail inbox from the SPAM rating? Background: We have an account to which we send all mails sent from another account AutoBCC. This in turn means that all outgoing mails are also checked for SPAM in the INBOX of the BCC account, which places a...

Hello, I tried to activate OCSP for the Plesk Panel itself. I followed this guide How to enable OCSP Stapling and HSTS for Plesk interface? - Support Cases from Plesk Knowledge Base and HSTS and a few other HTTP headers I added work fine. Only OCSP stapling doesn't work. I've already tested it...

Hi, I'm Oliver ! Just to preface this for the mods: this is not an ad nor is this a commercial project -- a small team of devs (myself included) has recently finished working on a PHP code security scanner and we are humbly asking for your feedback. We have already been told that integration...

Hello, I've just checked my IP addresses list in "Tools & Settings" and found an IP that I have never added. To be honest I'm a real noob when it's about using Plesk and I don't know if the IP was already there in the beginning but it doesn't point to my server location (instead it points to my...

Hi, is it safe/secure to enable mysql remote access? I need it for a Docker Container to connect to Domains Database. or it is better to leave it deactivaed because of security reasons?

Hey Fellows, I have a question regarding the possibility of adding dnsdist to Plesk and its advantages, particularly when used in conjunction with the Slave DNS Manager. I am also interested in exploring the feasibility of running Plesk entirely without a local DNS server and relying solely on...

I have a new site up, a work in progress and I'm already seeing tons of malicious traffic. I went from relying on mod_security and fail2ban to installing imunify360 because of how much hype I saw online. Now, i'm how different Imunify360 works compared to fail2ban and I'm not convinced its...

I have a single domain on a single cloud VPS server running web and mail service. I have 2 IP addresses on the same WAN adapter. The IP that I want all web traffic to flow through is proxied by cloudflare. The other IP is exposed because I'm running the mail server traffic through it. What would...

https://mypleskserver.com/error_docs/uat.js?v1 { "stream": "plesk-17.0-ux", "region": "us-west-2", "accessKeyId": "BajksdjasdiuahoOHUEUNN", "secretAccessKey": "p+asd;kmIOJIdmdm435;mdaisd49dkmpamd", "endpoint": "firehose.us-west-2.amazonaws.com", "httpOptions": { "connectTimeout": 1000...

So I'm trying to determine the most secure and simple way to set up a single server that hosts a single domain with website + postfix/dovecot mail service. I'm proxying the web traffic through cloudflare. I don't see any way around not exposing the mail server IP, so I'm using a mail.domain mx...

I am using Crowdsec on another non Plesk VPS in a docker environment with everything behind Traefik. I am super happy with this solution, especially with Crowdsec which replaces a lot of other expensive, slower security solutions. Is anyone using Crowdsecwith Plesk and CentOS 7? Any...

Hi there. What I did: - Create an email account for myself. - Log in to find there is a message for the account I've created before. What I did before: - Create an account and receive one mail in it. - Delete the account from the Plesk-panel. This looks like a security-crater to me. It even...