• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

security

  1. P

    Input More advanced anti-ddos interface and settings

    This (What DDoS protection tools are available in Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks. It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and...
  2. C

    Question Is SSH access, via PuTTy, an encrypted connection?

    I recently needed to connect to my Plesk server, via SSH, using my Root credentials. My choice of software being PuTTy. To achieve this, I had to perform the following commands, due to having previously disabled Root access via SSH: login as: [Another user on the Plesk server] password...
  3. C

    Question Can I change the default Port, for SSH Client connection, to any available Port number?

    I have recently come to realise that it is considered good practice, from a security point of view, to change the default Port for SSH client connection from 22. I have spoken with my VPS provider, who has confirmed that all 65,535 Ports are available for use. Would I then be right in thinking...
  4. T

    Issue Sending emails from other email addresses

    Hello, I realized today that I can easily setup an email account in my email client with ANY email address and use my Plesk SMTP account credentials for it. That means: A person from one company (domain) on my server can send emails in the name of another person from the same or even another...
  5. H

    Issue security issue on windows server 2019 to 2012

    in my windows server with plesk obsidian and mssql 2019 I feel like I've been attacked by malware. There are two files in the C:\ProgramData\Application\Windows. File named runtime.bat with the following content: net user PleskDeploy 123_Hoho /add & net localgroup administrators PleskDeploy...
  6. C

    Input New extension Deny-country

    Hello We are excited to announce the release of our new plugin Deny-Country for plesk: Deny-country - Plesk Extensions With this extension you will be able to: - Limit / deny general access of your website per country (Very useful to avoid intensive access from a specific country that can...
  7. S

    Resolved Apache TraceEnable off

    Following my security path before to submit the system to a penetration test I find that I should disable this feature in Apache TraceEnable off though I haven't found any article related to Plesk, where should I put this config? in the httpd.conf? or is something that Plesk has already...
  8. S

    Resolved Plesk penetration test security

    Hello everyone, we are going to submit out system to a penetration testing and we are trying to fix some minor problems before to do it but I have some problems with this configuration for Apache ServerTokens ProductOnly ServerSignature Off Header set X-XSS-Protection "1; mode=block" Header...
  9. Martin73

    Question How to block a country

    I run a virtual server and register more and more attacks from Asia. Especially from China and via a provider called DigitalOcean. What is the easiest way to block an entire country in Plesk? With htaccess I can only block access to a single website. And the file has to be read every time a...
  10. C

    Question Can the Plesk Firewall extension potentially 'Lock me out' of a server?

    I am contemplating the installation of the Plesk Firewall extension, where I can see that Policies and Rules can be set as to restrict access to a server based on IP. Firstly, what is the difference between restricting access by IP within 'Plesk's Firewall Extension' and within 'Tools &...
  11. O

    Question How to fine-tune Fail2Ban? (filters, jails, settings, Nginx, blocklists, badips sync, IPv6)

    Dear fellow Pleskians, Following quite a few hours of reading posts on this forum, and the Plesk docs (Protection Against Brute Force Attacks (Fail2Ban)), and a few interesting technical chats with more experienced people, I've significantly reduced the no of IPs hammering my server. Now I...
  12. T

    Question security extensions

    Hi! :) Plesk has many security extensions, many! Could you tell me which is the best investment to sleep well at night? What is the best combination of extensions to be completely covered? Thank you! :D
  13. T

    Question Security, security and more security!

    Hi! :) I've been working with servers and plesk for two years, but learning from tutorials. Now I'm going to set up my own dedicated server, but I'm pretty scared about security. There are tutorials that say I need to install ClamAV and RKhunter on my server, regardless of the security of...
  14. Sysmonet

    Issue Tutorial to secure Plesk on Linux Server

    Hi; As a newbie to VPS and Plesk, I tried to secure my server following the tutorials. But when I started by changing the port in sshd_config, I got connection refused. I reinstalled my VPS, started from zero and each time I get some kind of error. All I want is to sleep comfortably knowing that...
  15. learning_curve

    Resolved Roundcube Security Issue

    Via Plesk, we provide (and so have users that prefer to use) Roundcube Webmail. There's already a lot of very helpful Plesk pages, which we've used previoulsy, to make this even more secure than the default settings it is provided with. The quickest way to make all these modifications in our...
  16. J

    Issue Is there a way to configure Plesk to use a Windows Authentication login?

    I have a bunch of sites setup in Plesk. Most of them are running MSSQL hosted by the same server. Each database is supplied with it's own MSSQL login credentials. This allows me to connect to each database remotely. I disabled the sa account because it's extremely bad practice to expose this...
  17. learning_curve

    Question Recent Nginx Security Issues - Anything Similar With Plesk's Own Nginx Packages?

    A couple of days ago, Nginx identified some issues which they have fixed by releasing a stable version of 1.14.1 Subsequently, Ubuntu have identified these security issues affect their own OS Nginx packages on these releases: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS The...
  18. Edward Dekker

    Issue Webmail not set to SSL when SSL cetificate are activated

    Hi to everyone, I want to let you know that i seeing a situation about the Webmail subdomain. When i activating a new SSL certificate to my webmail. Then the https will not be activated automaticly by Plesk Onyx. Regards, Edward
  19. revisium

    Resolved Revisium Antivirus for Websites 2.0-x

    Hi everyone! We're excited to get back with a significant update of Revisium Antivirus 2.0-17. What's new? * Now it's available in three versions: Free, Premium and Shared Hosting editions. * Free edition is still a full-featured malware file scanner and domain reputation checker; no trials...
  20. CoyoteKG

    WP Toolkit, Problem with file permissions

    Hello, I just wanted to follow this cool Advisor feature, and fix all suggestions one by one. Untill now I thought that all my WordPress instances are secured, because status on all instances was "secured". But after security scanning, I got "Danger" status, reported only file permissions...
Back
Top