• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

security

  1. P

    Issue Nginx version bundled with Plesk is out-dated

    The Nginx version that is bundled with Plesk is the very out-dated 1.11.1 (31 May 2016) and needs updating for fixes for vulnerability CVE-2017-7529 and a long list of bugs. See https://talk.plesk.com/forums/plesk-suggestions-and-feedback.676/create-thread Recommended is updating to the latest...
  2. futureweb

    Input fail2ban - Add Details (Login Name)

    Hey there, often large Companies with lot's of Workstation are getting blocked because 1 Client in their Office is trying to log in with wrong Password (imap/pop/smtp) - then the whole Office of them is getting blocked and the search which PC/which User is causing the block.starts ... It would...
  3. J.Wick

    Question How-to protect Plesk Login with CloudFlare & IP Restriction?

    I've searched for over 30 minutes with no answers anywhere online. What I want to do is enable Cloudflare on my Plesk login subdomain to receive all the security protections Cloudflare provides, however when doing this only Cloudflare IPs are recognized by Plesk and I get locked out. I can't...
  4. Branko

    Resolved Slave DNS Manager Extension security

    Hello, I have installed Slave DNS Manager Extension and set it up successfully. Everything is working great. But, there is only one thing that bothers me. When I run DNS test on mxtoolbox.com it warns "Open Zone Transfer Detected" for Slave Server. I followed the exact instructions that...
  5. revisium

    Input Revisium Antivirus for Websites

    Hi everyone, We're excited to announce a new security extension - Revisium Antivirus for Websites. OK, what is it? Revisium Antivirus – Intelligent malware detection tool with one-click automatic malware cleanup. Free version of the extension includes a fully-functional comprehensive file...
  6. Luiz_Gustavo

    Issue Plesk server hacked

    Hello, A customer plesk running Ubuntu 12.08 and Plesk 12.0.18 was hacked tonight. He sents a file to one subscription using a vulnerable uploadfy.swf on that site, after upload the file the hacker change something in users shadow or other that I dont understand and run a su with root...
  7. J

    Resolved Server get flooded - DDos using OpenDNS resolver

    Hello, Since two days, my server running on Debian Wheezy with Plesk 12.5 is getting flooded by an attacker using OpenDNS resolver to DDos Avast Secure DNS. Those queries are correctly denied but it generates huge I/O level while writing the denied queries in log files (daemon.log and syslog)...
  8. G

    Resolved Plesk 12.0.18 SSL Security

    Hi I am currently using Plesk 12.0.18. I am trying to secure all my admin Plesk Login page using a SSL certificate from let's encrypt. I am able to secure only one of my domain names allowing me to login to plesk admin securely. However I cannot secure any of my other Plesk admin logins for my...
  9. learning_curve

    Resolved XFrame Options / X-XSS-Protection / X-Content-Type-Options / HSTS

    Until very recently, these four items were neatly applied across all active domains on our server, simply by following the very clear instructions posted by @UFHH01 in the second post on this thread For no reason that we can understand or immediatley fix (!) now they are faiing to be applied :(...
  10. C

    Resolved Implementing HTTP Public Key Pinning on Plesk/Onyx

    Is it possible to implement HTTP Public Key Pinning on Plesk/Onyx? Plesk Onyx v17.5.3_build1705170317.16 os_Ubuntu 16.04 Support HPKP Thanks
  11. K

    Question [discussion] what file permission strategy to follow?

    Ideally I would like to have every account have two users: 1 for FTP/SSH access, 1 to run apache. Then, the first would be owner of files, the second part of group. Files would have 640 and folders 750. Only upload folders would get 770 and underlaying files 660 so the webserver is able to...
  12. websavers

    Issue "Very Strong" password policy is unnecessarily prohibitive

    We've been trying to ensure that all of our servers are configured with the "Very Strong" password requirement policy. We most definitely want to ensure a high level of security and we're fine with telling clients "too bad" when their passwords are 6 chars (for example). However we keep finding...
  13. Wes Dunn

    Issue Expired SSL Problem

    Hi All I wonder if someone can help, I have been using Cloudflare CDN for a while and have decided to discontinue using it, since reverting back my SSL certificate is no longer working, I get an error saying my site is not trusted as the certificate expired 120 days ago, my certificate does...
  14. deadfish

    Question how to : WP Security result and Plesk HTTP basic auth ?

    Hi guys, I'm trying to make an external WordPress management page on my hosting panel and I need the WordPress security check on the result of Plesk. I'd check out the API and it's just return true|false boolean result but I need data like Plesk GUI panel's security check. So can I use HTTP...
  15. danami

    Issue "Restrict the ability to follow symbolic links" in Service Plan does not sync with Subscription

    --------------------------------------------------------------- PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Product version: Plesk Onyx 17.0.17 Update #13 Update date: 2017/01/24 03:46 Build date: 2016/11/17 16:00 OS version: CentOS 7.3.1611 Revision...
  16. L

    Question what do you do for this type of thing... (security?)

    2017-01-16 04:15:00 Access 89.133.235.113 301 POST /xmlrpc.php HTTP/1.1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 178 nginx access 2017-01-16 04:15:01 Error 89.133.235.113 405 GET /xmlrpc.php HTTP/1.1 Mozilla/5.0...
  17. iGraphics

    Issue Wordpress won't upload fonts files (Sorry, this file type is not permitted for security reasons.)

    Hello Everyone; I want to upload font files (.svg and .otf and .ttf) by wordpress (Media Library Uploaded) But I face problem this message appear to me: Sorry, this file type is not permitted for security reasons. How I can resolve this problem ? Thanks
  18. Daniel West

    Issue Configuring server-wide security policy. PHP Version and Handler

    I'm getting an alert when I set my PHP version of PHP handler. "There are settings that conflict with the server-wide security policy. Are you sure you want to continue?" I can continue, but I'd like to adjust the server-wide policy to allow any PHP version that is installed - additionally the...
  19. SMAHI

    Question How to set (export) variable environment for non root user

    Hi, How to set (export) variable environment for non root user, so that i can securely store some api keys.
  20. custer

    HTTPOXY security vulnerability

    Hi everyone, As some of you might know, there was a new security vulnerability for server-side web applications discovered recently. It's called HTTPOXY -- we suggest you to visit https://httpoxy.org/ to learn more details about it in general. In response to this security vulnerability we've...
Back
Top