security

  1. adocsys

    Resolved How to add HTTP Security Header on port 80?

    Hello, Currently setting up a server to be PCI compliant and after multiple configuration adjustments, I only have one thing left to correct to have certification. I have set the HTTP Security Headers on all ports but I am not finding the port 80 configuration. If I test the following, here...
  2. N

    Resolved Plesk Firewall Import create double entries

    I have an entry like this in the export: { "name": "Allow Incoming Database Connections", "direction": "input", "action": "allow", "ports": "3306/tcp", "from": "XX.XXX.XXX.XXX", "class": "custom", "type": "custom", "originalId"...
  3. F

    Question How to disable/restrict by IP <server-ip>/login_up.php ?

    Hi, I just noticed that when I access the IP address of my server with Chrome, I am redirected to the page <ip-address>/login_up.php or <server_name>/login_up Is there a way to restrict this page by IP as is the case when using port 8443? The "Restricting Administrative Access" feature only...
  4. V

    Question Subdomain security

    I'm running various web apps on my domain and several sub domains. It seems that one of these apps (based on PHP) had a vulnerability that was exploited. As a consequence, not only the app of that particular (sub) domain was affected but the main domain and all other sub domains, too. Code was...
  5. X

    Question Exclude email account from SPAM classification of Plesk Email Security Pro completely

    Hi There Is it possible to completely exclude an e-mail inbox from the SPAM rating? Background: We have an account to which we send all mails sent from another account AutoBCC. This in turn means that all outgoing mails are also checked for SPAM in the INBOX of the BCC account, which places a...
  6. F

    Issue OCSP for Plesk-Panel does not work

    Hello, I tried to activate OCSP for the Plesk Panel itself. I followed this guide How to enable OCSP Stapling and HSTS for Plesk interface? - Support Cases from Plesk Knowledge Base and HSTS and a few other HTTP headers I added work fine. Only OCSP stapling doesn't work. I've already tested it...
  7. O

    Question Asking for your feedback on a PHP code security scanner in beta

    Hi, I'm Oliver ! Just to preface this for the mods: this is not an ad nor is this a commercial project -- a small team of devs (myself included) has recently finished working on a PHP code security scanner and we are humbly asking for your feedback. We have already been told that integration...
  8. P

    Resolved Suspicious IP address in the list

    Hello, I've just checked my IP addresses list in "Tools & Settings" and found an IP that I have never added. To be honest I'm a real noob when it's about using Plesk and I don't know if the IP was already there in the beginning but it doesn't point to my server location (instead it points to my...
  9. B

    Question MySQL Remote Access

    Hi, is it safe/secure to enable mysql remote access? I need it for a Docker Container to connect to Domains Database. Or is it better to leave it deactivated because of security reasons?
  10. F

    Question Plesk Slave DNS & DNS Security

    Hey Fellows, I have a question regarding the possibility of adding dnsdist to Plesk and its advantages, particularly when used in conjunction with the Slave DNS Manager. I am also interested in exploring the feasibility of running Plesk entirely without a local DNS server and relying solely on...
  11. michaeljoseph01

    Question Imunify360 or fail2ban PLEASE give me your input

    I have a new site up, a work in progress and I'm already seeing tons of malicious traffic. I went from relying on mod_security and fail2ban to installing imunify360 because of how much hype I saw online. Now, I'm how different Imunify360 works compared to fail2ban and I'm not convinced its...
  12. michaeljoseph01

    Question How to block non-mail traffic to certain ip?

    I have a single domain on a single cloud VPS server running web and mail service. I have 2 IP addresses on the same WAN adapter. The IP that I want all web traffic to flow through is proxied by cloudflare. The other IP is exposed because I'm running the mail server traffic through it. What would...
  13. S

    Question Why in plesk firehouse Aws keys are public ?

    https://mypleskserver.com/error_docs/uat.js?v1 { "stream": "plesk-17.0-ux", "region": "us-west-2", "accessKeyId": "BajksdjasdiuahoOHUEUNN", "secretAccessKey": "p+asd;kmIOJIdmdm435;mdaisd49dkmpamd", "endpoint": "firehose.us-west-2.amazonaws.com", "httpOptions": { "connectTimeout": 1000...
  14. michaeljoseph01

    Question What would the best setup be?

    So I'm trying to determine the most secure and simple way to set up a single server that hosts a single domain with website + postfix/dovecot mail service. I'm proxying the web traffic through cloudflare. I don't see any way around not exposing the mail server IP, so I'm using a mail.domain mx...
  15. herrMartin

    Question Does anyone use CrowdSec with Plesk?

    I am using Crowdsec on another non Plesk VPS in a docker environment with everything behind Traefik. I am super happy with this solution, especially with Crowdsec which replaces a lot of other expensive, slower security solutions. Is anyone using Crowdsec with Plesk and CentOS 7? Any...
  16. Rexodus

    Issue I have a message from another account.

    Hi there. What I did: - Create an email account for myself. - Log in to find there is a message for the account I've created before. What I did before: - Create an account and receive one mail in it. - Delete the account from the Plesk-panel. This looks like a security-crater to me. It even...
  17. P

    Question Recommendation for Security, Server Tools, Monitoring

    Hi Forum At the moment we have BitNinja running but I'm thinking about replacing it with an equivalent. Does anyone have a recommendation or can point me at a good comparison resource? Thanks
  18. C

    Issue POSSIBLE DEPENDENCY CONFUSION - Security Scan

    APP Check has highlighted the following:- POSSIBLE DEPENDENCY CONFUSION It is extremely common for applications to depend on packages from public registries such as NPM, Maven Central, Packagist, and Python Package Index. It is also common for organisations to utilise private registries to...
  19. J

    Question No security solution for Plesk on Almalinux 8.5

    Hello, can somebody help me with finding a server security solution for Plesk with Almalinux which is reliable? Mod_security is available only with standard rule sets, which I believe aren't updated frequently, and by checking my log - I see it's blocking legit traffic as well. Immunify360...
  20. J

    Question Installing SSl on Web Site

    I am fairly new to Plesk and have a question about SSL. How do I put an SSL on an individual website when I don't have a .pem file? Can I just put it in SSL Certificate area of the tools and settings and install it from there? BTW, I already have the cert.