security

Hi Forum At the moment we have BitNinja running but I'm thinking about replacing it with an equivalent. Does anyone have a recommendation or can point me at a good comparison resource? Thanks

APP Check has highlighted the following:- POSSIBLE DEPENDENCY CONFUSION It is extremely common for applications to depend on packages from public registries such as NPM, Maven Central, Packagist, and Python Package Index. It is also common for organisations to utilise private registries to...

Hello, can somebody can help me with finding server security solution for Plesk with Almalinux wchich is reliable? Mod_security is available only with standard rule sets, wchich I believe aren't updated frequently, and by checking my log - I see it's blocking legit traffic as well. Immunify360...

I am fairly new to Plesk and have a question about SSL.How do I put an SSL on an individual website when I don't have a .pem file? can I just put it in SSL Certificate area of the tools and settings and install it from there? BTW, I already have the cert.

Hello guys!! i have a server on Wordpress and i need deny access from LATAM but just a subdomain. A need allow access to my principal domain. Eg: Latam can access to domain.com Latam can't access to sub.domain.com Do you have some advice for me? thanks

Hi, Is there anything akin to cPanel Security Investigator ( CSI ) which is available on the following URL for Plesk? - GitHub - CpanelInc/tech-CSI: cPanel Security Scan If not, can one be developed? As now cPanel and Plesk are under the same roof of WebPros, hence a collaboration on this tool...

Hi, I am a cybersecurity engineer in the area of phishing. I see hundreds of phishing domains every month from the plesk.page domain and have a few questions. Some of the attacks are from domains with the standard "adjective-scientist.xxx.xxx.xxx.xxx.plesk.page" format and host a multitude...

Hi guys, do you have to worry about the server? Ubuntu currently offers a maximum of apache2 2.4.29 with Plesk. German https://www.heise.de/news/Apache-2-4-52-dichtung-Sicherheitslecks-ab-6301584.html English...

Hi, The admin password of my WordPress installation is stored encrypted in the MySQL database ($P$B...). I am wondering how it's possible for Plesk to display the current WP admin password in plain text if the password isn't stored in the Plesk database. I am aware about this thread: WP...

So I have a docker container that I want to expose through plesk. I have set it up and it's all working fine, however, when using the "Password Protected Directories" function on the website I have set the docker proxy rule for, it just proxies the connection right through to the container and...

Docker containers with mapped ports are exposed externally. For example, a MySQL database server within a Docker container, which maps the MySQL port 3306 from within the container to the port 32768 on the host, will be accessible from outside the server. This can be mitigated when creating a...

Good Day Friends.. I need help related to my Website. I am currently running a micro wordpress website on the topic of how to increase minecraft ram.. I want to upgrade my website security and speed for better SEO performance. I also looking for Content Creators for My website. Is their any one...

Hi, I have Plesk Obsidian 18.0.34 on Windows Server 2019. I found a shell file (.aspx shell) on a web site. I moved it to another web site and looked it to see its functions and access limits. But I am shocked when I see results. I can access root folder (C:\) of disk and can access many places...

Since the suggestion is made in !2016! for support on DNSSEC on Windows, still not a single reaction besides "We will consider" and "Vote". Its a serious thing for security and it should be a priority for Plesk. Now making a topic on the Obidian forum also, so it doesnt get forgotten :) Please...

The question has been asked before by others: Question - fail2ban update because it was last updated, prior to Obsidian being upgraded to General Release status: Change Log for Plesk Obsidian yet there's still no sign or inclination, that this well overdue update, will be arriving anytime...

Hey everyone, how do you handle your firewall? Blocking all incoming traffic and open the related ports for incoming Traffic like 80, 443, 8443 and so on, and do you block also all outgoing traffic and open the related ports for outgoing or just let open all ports for outgoing traffic? Thanks :)

Is there an option for scheduled daily/weekly security scan with autofix critical and/or recommended issues ?

Hello, I want to enable 301 forwarding for my Plesk host. I don't mean a subscription, but for the Plesk server, i.e. the panel itself. I want http requests to be forwarded to https. How can I do that? Thank you in advance for the answers and help! I am using the latest version of Plesk...

How to block services like networksdb.io from having full access to all domain on my server?

Moin, dovecot has released 2.3.13 to fix e.g. NVD - CVE-2020-24386. plesk-dovecot is still 2.3.7.2-debian9.0.20032110. "leading to access to other users' email messages" is especially relevant in a shared hosting environment, which many plesk users are reselling. When can we expect an update...