security

Hello guys!! i have a server on Wordpress and i need deny access from LATAM but just a subdomain. A need allow access to my principal domain. Eg: Latam can access to domain.com Latam can't access to sub.domain.com Do you have some advice for me? thanks

Hi, Is there anything akin to cPanel Security Investigator ( CSI ) which is available on the following URL for Plesk? - GitHub - CpanelInc/tech-CSI: cPanel Security Scan If not, can one be developed? As now cPanel and Plesk are under the same roof of WebPros, hence a collaboration on this tool...

Hi, I am a cybersecurity engineer in the area of phishing. I see hundreds of phishing domains every month from the plesk.page domain and have a few questions. Some of the attacks are from domains with the standard "adjective-scientist.xxx.xxx.xxx.xxx.plesk.page" format and host a multitude...

Hi guys, do you have to worry about the server? Ubuntu currently offers a maximum of apache2 2.4.29 with Plesk. German https://www.heise.de/news/Apache-2-4-52-dichtung-Sicherheitslecks-ab-6301584.html English...

Hi, The admin password of my WordPress installation is stored encrypted in the MySQL database ($P$B...). I am wondering how it's possible for Plesk to display the current WP admin password in plain text if the password isn't stored in the Plesk database. I am aware about this thread: WP...

So I have a docker container that I want to expose through plesk. I have set it up and it's all working fine, however, when using the "Password Protected Directories" function on the website I have set the docker proxy rule for, it just proxies the connection right through to the container and...

Docker containers with mapped ports are exposed externally. For example, a MySQL database server within a Docker container, which maps the MySQL port 3306 from within the container to the port 32768 on the host, will be accessible from outside the server. This can be mitigated when creating a...

Good Day Friends.. I need help related to my Website. I am currently running a micro wordpress website on the topic of how to increase minecraft ram.. I want to upgrade my website security and speed for better SEO performance. I also looking for Content Creators for My website. Is their any one...

Hi, I have Plesk Obsidian 18.0.34 on Windows Server 2019. I found a shell file (.aspx shell) on a web site. I moved it to another web site and looked it to see its functions and access limits. But I am shocked when I see results. I can access root folder (C:\) of disk and can access many places...

Since the suggestion is made in !2016! for support on DNSSEC on Windows, still not a single reaction besides "We will consider" and "Vote". Its a serious thing for security and it should be a priority for Plesk. Now making a topic on the Obidian forum also, so it doesnt get forgotten :) Please...

The question has been asked before by others: Question - fail2ban update because it was last updated, prior to Obsidian being upgraded to General Release status: Change Log for Plesk Obsidian yet there's still no sign or inclination, that this well overdue update, will be arriving anytime...

Hey everyone, how do you handle your firewall? Blocking all incoming traffic and open the related ports for incoming Traffic like 80, 443, 8443 and so on, and do you block also all outgoing traffic and open the related ports for outgoing or just let open all ports for outgoing traffic? Thanks :)

Is there an option for scheduled daily/weekly security scan with autofix critical and/or recommended issues ?

Hello, I want to enable 301 forwarding for my Plesk host. I don't mean a subscription, but for the Plesk server, i.e. the panel itself. I want http requests to be forwarded to https. How can I do that? Thank you in advance for the answers and help! I am using the latest version of Plesk...

How to block services like networksdb.io from having full access to all domain on my server?

Moin, dovecot has released 2.3.13 to fix e.g. NVD - CVE-2020-24386. plesk-dovecot is still 2.3.7.2-debian9.0.20032110. "leading to access to other users' email messages" is especially relevant in a shared hosting environment, which many plesk users are reselling. When can we expect an update...

This (What DDoS protection tools are available in Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks. It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and...

I recently needed to connect to my Plesk server, via SSH, using my Root credentials. My choice of software being PuTTy. To achieve this, I had to perform the following commands, due to having previously disabled Root access via SSH: login as: [Another user on the Plesk server] password...

I have recently come to realise that it is considered good practice, from a security point of view, to change the default Port for SSH client connection from 22. I have spoken with my VPS provider, who has confirmed that all 65,535 Ports are available for use. Would I then be right in thinking...

Hello, I realized today that I can easily setup an email account in my email client with ANY email address and use my Plesk SMTP account credentials for it. That means: A person from one company (domain) on my server can send emails in the name of another person from the same or even another...