• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

security

  1. austriadesign

    Question Passkey option for Login

    As I already posted a suggestion for Passkey, I want to make a short poll about it and want to advertise this suggestion as Passkey is the highest security method. https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/49052933-passkey-for-login
  2. T

    WordPress NextGEN Gallery Plugin <= 0.96 - XSS Vulnerability

    Hi Guys This evening WordPress Toolkit is reporting an issue with the WordPress NextGEN Gallery Plugin, I think this is a false positive. This vulnerability was reported in 2008, the version with the issue is 0.96 and 0.97 fixed it. For reference: WordPress NextGEN Gallery Plugin <= 0.96 - XSS...
  3. M

    Issue SSL certificate to secure Plesk IP address issue (Not Lets Encrypt)

    Hi there, I need to secure the public IP address for the Plesk portal (requested by a client). I have purchased a specialist SSL certificate that can be used to secure IP addresses. The site I have running on the hosting has its own Lets Encrypt certificate on it. I have installed the new...
  4. Pentarou

    Question Security Concerns

    Hi everyone, As I review my Plesk logs, I am increasingly concerned about the security of my server. I have updated Plesk to the latest version, enabled MFA, and utilize a private key for SSH login. Additionally, I employ an external firewall and have ensured that services such as the database...
  5. adocsys

    Resolved How to add HTTP Security Header on port 80?

    Hello, Currently setting up a server to be PCI compliant and after multiple configuration adjustments, I only have one thing left to correct to have certification. I have set the HTTP Security Headers on all ports but I am not finding the port 80 configuration. If I test the following, here...
  6. N

    Resolved Plesk Firewall Import create double entries

    I have an entry like this in the export: { "name": "Allow Incoming Database Connections", "direction": "input", "action": "allow", "ports": "3306/tcp", "from": "XX.XXX.XXX.XXX", "class": "custom", "type": "custom", "originalId"...
  7. F

    Question How to disable/restrict by IP <server-ip>/login_up.php ?

    Hi, I just noticed that when I access the IP address of my server with Chrome, I am redirected to the page <ip-address>/login_up.php or <server_name>/login_up Is there a way to restrict this page by IP as is the case when using port 8443? The "Restricting Administrative Access" feature only...
  8. V

    Question Subdomain security

    I'm running various web apps on my domain and several sub domains. It seems that one of these apps (based on PHP) had a vulnerability that was exploited. As a consequence, not only the app of that particular (sub) domain was affected but the main domain and all other sub domains, too. Code was...
  9. X

    Question Exclude email account from SPAM classification of Plesk Email Security Pro completely

    Hi There Is it possible to completely exclude an e-mail inbox from the SPAM rating? Background: We have an account to which we send all mails sent from another account AutoBCC. This in turn means that all outgoing mails are also checked for SPAM in the INBOX of the BCC account, which places a...
  10. F

    Issue OCSP for Plesk-Panel does not work

    Hello, I tried to activate OCSP for the Plesk Panel itself. I followed this guide How to enable OCSP Stapling and HSTS for Plesk interface? - Support Cases from Plesk Knowledge Base and HSTS and a few other HTTP headers I added work fine. Only OCSP stapling doesn't work. I've already tested it...
  11. O

    Question Asking for your feedback on a PHP code security scanner in beta

    Hi, I'm Oliver ! Just to preface this for the mods: this is not an ad nor is this a commercial project -- a small team of devs (myself included) has recently finished working on a PHP code security scanner and we are humbly asking for your feedback. We have already been told that integration...
  12. P

    Resolved Suspicious IP address in the list

    Hello, I've just checked my IP addresses list in "Tools & Settings" and found an IP that I have never added. To be honest I'm a real noob when it's about using Plesk and I don't know if the IP was already there in the beginning but it doesn't point to my server location (instead it points to my...
  13. B

    Question MySQL Remote Access

    Hi, is it safe/secure to enable mysql remote access? I need it for a Docker Container to connect to Domains Database. or it is better to leave it deactivaed because of security reasons?
  14. F

    Question Plesk Slave DNS & DNS Security

    Hey Fellows, I have a question regarding the possibility of adding dnsdist to Plesk and its advantages, particularly when used in conjunction with the Slave DNS Manager. I am also interested in exploring the feasibility of running Plesk entirely without a local DNS server and relying solely on...
  15. michaeljoseph01

    Question Imunify360 or fail2ban PLEASE give me your input

    I have a new site up, a work in progress and I'm already seeing tons of malicious traffic. I went from relying on mod_security and fail2ban to installing imunify360 because of how much hype I saw online. Now, i'm how different Imunify360 works compared to fail2ban and I'm not convinced its...
  16. michaeljoseph01

    Question How to block non-mail traffic to certain ip?

    I have a single domain on a single cloud VPS server running web and mail service. I have 2 IP addresses on the same WAN adapter. The IP that I want all web traffic to flow through is proxied by cloudflare. The other IP is exposed because I'm running the mail server traffic through it. What would...
  17. S

    Question Why in plesk firehouse Aws keys are public ?

    https://mypleskserver.com/error_docs/uat.js?v1 { "stream": "plesk-17.0-ux", "region": "us-west-2", "accessKeyId": "BajksdjasdiuahoOHUEUNN", "secretAccessKey": "p+asd;kmIOJIdmdm435;mdaisd49dkmpamd", "endpoint": "firehose.us-west-2.amazonaws.com", "httpOptions": { "connectTimeout": 1000...
  18. michaeljoseph01

    Question What would the best setup be?

    So I'm trying to determine the most secure and simple way to set up a single server that hosts a single domain with website + postfix/dovecot mail service. I'm proxying the web traffic through cloudflare. I don't see any way around not exposing the mail server IP, so I'm using a mail.domain mx...
  19. herrMartin

    Question Does anyone use CrowdSec with Plesk?

    I am using Crowdsec on another non Plesk VPS in a docker environment with everything behind Traefik. I am super happy with this solution, especially with Crowdsec which replaces a lot of other expensive, slower security solutions. Is anyone using Crowdsecwith Plesk and CentOS 7? Any...
  20. Rexodus

    Issue I have a message from another account.

    Hi there. What I did: - Create an email account for myself. - Log in to find there is a message for the account I've created before. What I did before: - Create an account and receive one mail in it. - Delete the account from the Plesk-panel. This looks like a security-crater to me. It even...
Back
Top