
security

  1. revisium

    Input Revisium Antivirus for Websites

    Hi everyone, We're excited to announce a new security extension - Revisium Antivirus for Websites. OK, what is it? Revisium Antivirus – Intelligent malware detection tool with one-click automatic malware cleanup. Free version of the extension includes a fully-functional comprehensive file...
  2. Luiz_Gustavo

    Issue Plesk server hacked

    Hello, A customer Plesk running Ubuntu 12.08 and Plesk 12.0.18 was hacked tonight. He sent a file to one subscription using a vulnerable uploadfy.swf on that site, after uploading the file the hacker changed something in users shadow or other that I don't understand and ran a su with root...
  3. J

    Resolved Server get flooded - DDos using OpenDNS resolver

    Hello, Since two days, my server running on Debian Wheezy with Plesk 12.5 is getting flooded by an attacker using OpenDNS resolver to DDos Avast Secure DNS. Those queries are correctly denied but it generates huge I/O level while writing the denied queries in log files (daemon.log and syslog)...
  4. G

    Resolved Plesk 12.0.18 SSL Security

    Hi I am currently using Plesk 12.0.18. I am trying to secure all my admin Plesk Login page using a SSL certificate from let's encrypt. I am able to secure only one of my domain names allowing me to login to plesk admin securely. However I cannot secure any of my other Plesk admin logins for my...
  5. learning_curve

    Resolved XFrame Options / X-XSS-Protection / X-Content-Type-Options / HSTS

    Until very recently, these four items were neatly applied across all active domains on our server, simply by following the very clear instructions posted by @UFHH01 in the second post on this thread. For no reason that we can understand or immediately fix (!) now they are failing to be applied :(...
  6. C

    Resolved Implementing HTTP Public Key Pinning on Plesk/Onyx

    Is it possible to implement HTTP Public Key Pinning on Plesk/Onyx? Plesk Onyx v17.5.3_build1705170317.16 os_Ubuntu 16.04 Support HPKP Thanks
  7. K

    Question [discussion] what file permission strategy to follow?

    Ideally I would like to have every account have two users: 1 for FTP/SSH access, 1 to run apache. Then, the first would be owner of files, the second part of group. Files would have 640 and folders 750. Only upload folders would get 770 and underlaying files 660 so the webserver is able to...
  8. websavers

    Issue "Very Strong" password policy is unnecessarily prohibitive

    We've been trying to ensure that all of our servers are configured with the "Very Strong" password requirement policy. We most definitely want to ensure a high level of security and we're fine with telling clients "too bad" when their passwords are 6 chars (for example). However we keep finding...
  9. Wes Dunn

    Issue Expired SSL Problem

    Hi All I wonder if someone can help, I have been using Cloudflare CDN for a while and have decided to discontinue using it, since reverting back my SSL certificate is no longer working, I get an error saying my site is not trusted as the certificate expired 120 days ago, my certificate does...
  10. deadfish

    Question how to : WP Security result and Plesk HTTP basic auth ?

    Hi guys, I'm trying to make an external WordPress management page on my hosting panel and I need the WordPress security check on the result of Plesk. I'd check out the API and it's just return true|false boolean result but I need data like Plesk GUI panel's security check. So can I use HTTP...
  11. danami

    Issue "Restrict the ability to follow symbolic links" in Service Plan does not sync with Subscription

    --------------------------------------------------------------- PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Product version: Plesk Onyx 17.0.17 Update #13 Update date: 2017/01/24 03:46 Build date: 2016/11/17 16:00 OS version: CentOS 7.3.1611 Revision...
  12. L

    Question what do you do for this type of thing... (security?)

    2017-01-16 04:15:00 Access 89.133.235.113 301 POST /xmlrpc.php HTTP/1.1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 178 nginx access 2017-01-16 04:15:01 Error 89.133.235.113 405 GET /xmlrpc.php HTTP/1.1 Mozilla/5.0...
  13. iGraphics

    Issue Wordpress won't upload fonts files (Sorry, this file type is not permitted for security reasons.)

    Hello Everyone; I want to upload font files (.svg and .otf and .ttf) by wordpress (Media Library Uploaded) But I face problem this message appear to me: Sorry, this file type is not permitted for security reasons. How I can resolve this problem ? Thanks
  14. Daniel West

    Issue Configuring server-wide security policy. PHP Version and Handler

    I'm getting an alert when I set my PHP version of PHP handler. "There are settings that conflict with the server-wide security policy. Are you sure you want to continue?" I can continue, but I'd like to adjust the server-wide policy to allow any PHP version that is installed - additionally the...
  15. SMAHI

    Question How to set (export) variable environment for non root user

    Hi, How to set (export) variable environment for non root user, so that i can securely store some api keys.
  16. custer

    HTTPOXY security vulnerability

    Hi everyone, As some of you might know, there was a new security vulnerability for server-side web applications discovered recently. It's called HTTPOXY -- we suggest you to visit https://httpoxy.org/ to learn more details about it in general. In response to this security vulnerability we've...
  17. N

    Question Need help with TLS

    Hello, according to ssllabs I have only TLS 1.2 enabled on my server/domain. I want to enable TLS 1.1 and TLS 1.0. Anyone here to guide me to the simplest way to enable TLS 1.0 and TLS 1.1?
  18. B

    Issue Critical vulnerability in plesk ?, main domain

    My server hostname is server.example123.com, my main domain is example123.com. I was trying to list the content of a file via the PHP interpreter at my example123.com domain from file /root/somefile (file is owned by root), this root directory is up up outside the vhosts directory, I was shocked that I could...
  19. 2

    "New Certificate" page will display system files when uploading symbolic link

    Hi there, because of a mistake on my side, I discovered something that I think is weird; I don't know however if it should be considered as a bug... Here comes the "header": ===================== PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE Plesk Panel 11.5.30 Update #51...
  20. Luiz_Gustavo

    Security problem when Shared App Pool

    Hello, I created 2 websites in Plesk Windows for testing, both in the Plesk default app pool (shared) and to my big surprise, I can write any files in SITE2 area from SITE1 subscription, using .NET script. I do not want to use a Dedicated App Pool for each subscription to preserve memory...