• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

security

  1. P

    Question Recommendation for Security, Server Tools, Monitoring

    Hi Forum At the moment we have BitNinja running but I'm thinking about replacing it with an equivalent. Does anyone have a recommendation or can point me at a good comparison resource? Thanks
  2. C

    Issue POSSIBLE DEPENDENCY CONFUSION - Security Scan

    APP Check has highlighted the following:- POSSIBLE DEPENDENCY CONFUSION It is extremely common for applications to depend on packages from public registries such as NPM, Maven Central, Packagist, and Python Package Index. It is also common for organisations to utilise private registries to...
  3. J

    Question No security solution for Plesk on Almalinux 8.5

    Hello, can somebody can help me with finding server security solution for Plesk with Almalinux wchich is reliable? Mod_security is available only with standard rule sets, wchich I believe aren't updated frequently, and by checking my log - I see it's blocking legit traffic as well. Immunify360...
  4. J

    Question Installing SSl on Web Site

    I am fairly new to Plesk and have a question about SSL.How do I put an SSL on an individual website when I don't have a .pem file? can I just put it in SSL Certificate area of the tools and settings and install it from there? BTW, I already have the cert.
  5. J

    Question how to deny access from LATAM to my domain

    Hello guys!! i have a server on Wordpress and i need deny access from LATAM but just a subdomain. A need allow access to my principal domain. Eg: Latam can access to domain.com Latam can't access to sub.domain.com Do you have some advice for me? thanks
  6. A

    Question Plesk Security Investigator

    Hi, Is there anything akin to cPanel Security Investigator ( CSI ) which is available on the following URL for Plesk? - GitHub - CpanelInc/tech-CSI: cPanel Security Scan If not, can one be developed? As now cPanel and Plesk are under the same roof of WebPros, hence a collaboration on this tool...
  7. N

    Question Consistent Phishing attacks from plesk.page

    Hi, I am a cybersecurity engineer in the area of phishing. I see hundreds of phishing domains every month from the plesk.page domain and have a few questions. Some of the attacks are from domains with the standard "adjective-scientist.xxx.xxx.xxx.xxx.plesk.page" format and host a multitude...
  8. N

    Question Apache 2.4.52 fixes security issues

    Hi guys, do you have to worry about the server? Ubuntu currently offers a maximum of apache2 2.4.29 with Plesk. German https://www.heise.de/news/Apache-2-4-52-dichtung-Sicherheitslecks-ab-6301584.html English...
  9. M

    Question WP-Toolkit: Show passwords in plain text

    Hi, The admin password of my WordPress installation is stored encrypted in the MySQL database ($P$B...). I am wondering how it's possible for Plesk to display the current WP admin password in plain text if the password isn't stored in the Plesk database. I am aware about this thread: WP...
  10. K

    Question How to password protect website hosted with docker

    So I have a docker container that I want to expose through plesk. I have set it up and it's all working fine, however, when using the "Password Protected Directories" function on the website I have set the docker proxy rule for, it just proxies the connection right through to the container and...
  11. D

    Issue Security valnerability when managing Docker through Plesk

    Docker containers with mapped ports are exposed externally. For example, a MySQL database server within a Docker container, which maps the MySQL port 3306 from within the container to the port 32768 on the host, will be accessible from outside the server. This can be mitigated when creating a...
  12. K

    Need Help related to my Wordpress Website

    Good Day Friends.. I need help related to my Website. I am currently running a micro wordpress website on the topic of how to increase minecraft ram.. I want to upgrade my website security and speed for better SEO performance. I also looking for Content Creators for My website. Is their any one...
  13. T

    Issue Shell file can access C:\

    Hi, I have Plesk Obsidian 18.0.34 on Windows Server 2019. I found a shell file (.aspx shell) on a web site. I moved it to another web site and looked it to see its functions and access limits. But I am shocked when I see results. I can access root folder (C:\) of disk and can access many places...
  14. I

    Resolved DNSSEC not available on Plesk for Windows

    Since the suggestion is made in !2016! for support on DNSSEC on Windows, still not a single reaction besides "We will consider" and "Vote". Its a serious thing for security and it should be a priority for Plesk. Now making a topic on the Obidian forum also, so it doesnt get forgotten :) Please...
  15. learning_curve

    Resolved Fail2Ban Update By Plesk?

    The question has been asked before by others: Question - fail2ban update because it was last updated, prior to Obsidian being upgraded to General Release status: Change Log for Plesk Obsidian yet there's still no sign or inclination, that this well overdue update, will be arriving anytime...
  16. L

    Question iptables port blocking [in & out] - which open, which filtered?

    Hey everyone, how do you handle your firewall? Blocking all incoming traffic and open the related ports for incoming Traffic like 80, 443, 8443 and so on, and do you block also all outgoing traffic and open the related ports for outgoing or just let open all ports for outgoing traffic? Thanks :)
  17. O

    Scheduled security scan with autofix

    Is there an option for scheduled daily/weekly security scan with autofix critical and/or recommended issues ?
  18. B

    Question How to enable 301-Redirect for Plesk Panel (http to https)

    Hello, I want to enable 301 forwarding for my Plesk host. I don't mean a subscription, but for the Plesk server, i.e. the panel itself. I want http requests to be forwarded to https. How can I do that? Thank you in advance for the answers and help! I am using the latest version of Plesk...
  19. J

    Issue How to block service from looking up all domains on my server?

    How to block services like networksdb.io from having full access to all domain on my server?
  20. M

    Question dovecot update when?

    Moin, dovecot has released 2.3.13 to fix e.g. NVD - CVE-2020-24386. plesk-dovecot is still 2.3.7.2-debian9.0.20032110. "leading to access to other users' email messages" is especially relevant in a shared hosting environment, which many plesk users are reselling. When can we expect an update...
Back
Top