security

The Nginx version that is bundled with Plesk is the very out-dated 1.11.1 (31 May 2016) and needs updating for fixes for vulnerability CVE-2017-7529 and a long list of bugs. See https://talk.plesk.com/forums/plesk-suggestions-and-feedback.676/create-thread Recommended is updating to the latest...

Hey there, often large Companies with lot's of Workstation are getting blocked because 1 Client in their Office is trying to log in with wrong Password (imap/pop/smtp) - then the whole Office of them is getting blocked and the search which PC/which User is causing the block.starts ... It would...

I've searched for over 30 minutes with no answers anywhere online. What I want to do is enable Cloudflare on my Plesk login subdomain to receive all the security protections Cloudflare provides, however when doing this only Cloudflare IPs are recognized by Plesk and I get locked out. I can't...

Hello, I have installed Slave DNS Manager Extension and set it up successfully. Everything is working great. But, there is only one thing that bothers me. When I run DNS test on mxtoolbox.com it warns "Open Zone Transfer Detected" for Slave Server. I followed the exact instructions that...

Hi everyone, We're excited to announce a new security extension - Revisium Antivirus for Websites. OK, what is it? Revisium Antivirus – Intelligent malware detection tool with one-click automatic malware cleanup. Free version of the extension includes a fully-functional comprehensive file...

Hello, A customer plesk running Ubuntu 12.08 and Plesk 12.0.18 was hacked tonight. He sents a file to one subscription using a vulnerable uploadfy.swf on that site, after upload the file the hacker change something in users shadow or other that I dont understand and run a su with root...

Hello, Since two days, my server running on Debian Wheezy with Plesk 12.5 is getting flooded by an attacker using OpenDNS resolver to DDos Avast Secure DNS. Those queries are correctly denied but it generates huge I/O level while writing the denied queries in log files (daemon.log and syslog)...

Hi I am currently using Plesk 12.0.18. I am trying to secure all my admin Plesk Login page using a SSL certificate from let's encrypt. I am able to secure only one of my domain names allowing me to login to plesk admin securely. However I cannot secure any of my other Plesk admin logins for my...

Until very recently, these four items were neatly applied across all active domains on our server, simply by following the very clear instructions posted by @UFHH01 in the second post on this thread For no reason that we can understand or immediatley fix (!) now they are faiing to be applied :(...

Is it possible to implement HTTP Public Key Pinning on Plesk/Onyx? Plesk Onyx v17.5.3_build1705170317.16 os_Ubuntu 16.04 Support HPKP Thanks

Ideally I would like to have every account have two users: 1 for FTP/SSH access, 1 to run apache. Then, the first would be owner of files, the second part of group. Files would have 640 and folders 750. Only upload folders would get 770 and underlaying files 660 so the webserver is able to...

We've been trying to ensure that all of our servers are configured with the "Very Strong" password requirement policy. We most definitely want to ensure a high level of security and we're fine with telling clients "too bad" when their passwords are 6 chars (for example). However we keep finding...

Hi All I wonder if someone can help, I have been using Cloudflare CDN for a while and have decided to discontinue using it, since reverting back my SSL certificate is no longer working, I get an error saying my site is not trusted as the certificate expired 120 days ago, my certificate does...

Hi guys, I'm trying to make an external WordPress management page on my hosting panel and I need the WordPress security check on the result of Plesk. I'd check out the API and it's just return true|false boolean result but I need data like Plesk GUI panel's security check. So can I use HTTP...

--------------------------------------------------------------- PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Product version: Plesk Onyx 17.0.17 Update #13 Update date: 2017/01/24 03:46 Build date: 2016/11/17 16:00 OS version: CentOS 7.3.1611 Revision...

2017-01-16 04:15:00 Access 89.133.235.113 301 POST /xmlrpc.php HTTP/1.1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 178 nginx access 2017-01-16 04:15:01 Error 89.133.235.113 405 GET /xmlrpc.php HTTP/1.1 Mozilla/5.0...

Hello Everyone; I want to upload font files (.svg and .otf and .ttf) by wordpress (Media Library Uploaded) But I face problem this message appear to me: Sorry, this file type is not permitted for security reasons. How I can resolve this problem ? Thanks

I'm getting an alert when I set my PHP version of PHP handler. "There are settings that conflict with the server-wide security policy. Are you sure you want to continue?" I can continue, but I'd like to adjust the server-wide policy to allow any PHP version that is installed - additionally the...

Hi, How to set (export) variable environment for non root user, so that i can securely store some api keys.

Hi everyone, As some of you might know, there was a new security vulnerability for server-side web applications discovered recently. It's called HTTPOXY -- we suggest you to visit https://httpoxy.org/ to learn more details about it in general. In response to this security vulnerability we've...