• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

security

  1. custer

    HTTPOXY security vulnerability

    Hi everyone, As some of you might know, there was a new security vulnerability for server-side web applications discovered recently. It's called HTTPOXY -- we suggest you to visit https://httpoxy.org/ to learn more details about it in general. In response to this security vulnerability we've...
  2. N

    Question Need help with TLS

    hello, according to ssllabs i have only TLS 1.2 enable on my server/domain i want to enable TLS 1.1 and TLS 1.0 Any one here to guide me most simplest way to enable TLS 1.0 and TLS 1.1
  3. B

    Issue Critical vulnerability in plesk ?, main domain

    my server hostname is server.example123.com my main domain is example123.com i was trying to list content of file via php interpreter at my example123.com domain from file /root/somefile (file is owned by root), this root directory is up up outside vhosts directory, i was shock that i could...
  4. 2

    "New Certificate" page will display saystem files when uploading symbolic link

    Hi there, because of a mistake on my side, I discovered something that I think is weird; I don't know however if it should be considered as a bug... Here comes the "header": ===================== PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE Plesk Panel 11.5.30 Update #51...
  5. Luiz_Gustavo

    Security problem when Shared App Pool

    Hello, I create 2 websites in Plesk Windows for testing, both in the plesk default app pool (shared) and for my big surprise, I can write any files in SITE2 area from SITE1 subscription, using .NET script .:eek: I do not want to use a Dedicated App Pool for each subscrition to preverse memory...
  6. Ben

    Wordpress Scan when wp-contents has been renamed

    I habitually rename my wp-contents directory for security reasons (as part of iThemes Security). As a result Plesk no longer recognises the Wordpress installations on the server, when scanning so I'm unable to take advantage of Plesk's Wordpress features. Please could this be modified to allow...
  7. Paul Ellison

    Extension Development

    I am looking to develop my own Plesk extension to implement Two Factor Authentication though a third party provider called Duo Security. Having read a fair amount of documentation I have only found information about replacing/complementing the existing Username/Password login. Code from Google...
  8. S

    Wordpress toolkit security check not available in Plesk 12.5.30 update #23

    Hello all. We have Plesk 12.5.30 update #23 installed on an Ubuntu 14.04 server and we wanted to use the Wordpress Toolkit to check the Wordpress installation security. Regrettably this functionality seems to be gone. (Please see screenshot) Is there any way to get all the amazing Wordpress...
  9. S

    File Permissions Confusion

    Using Plesk 12.0.18 on Windows Server 2012, we're running php code that has two ways of adding files to the host. If we create the file using a pdf library on the host and save it in host subdirectory X, it has the same ownership properties as subdirectory X itself. If we use...
  10. E

    Plesk 12.5.30 Pyhton Enable But Security?

    Hi, I Have a Cloudlinux and Plesk 12.5.30. My client wants to support Python. (May be perl support ?) This is not problem for me. To enable Python scripting engine go to Tools & Settings > Apache Web Server > check python. and Hosting Settings.Under Web Scripting and Statistics check the...
  11. Y

    Plesk cookies with "secure" attribute on 8443 port

    Hi, Recently we ran into a problem with PCI compliance scan on our sever with Linux Plesk 12.0.18 installed (CentOS release 6.6 OS). The problem is that cookie which is sent when you open control panel login page at 8443 port does not have "secure" attribute. According to most recent PCI...
  12. R

    Plesk 12.x.x Backup Manager Encryption - Security Issue

    Hi all, I have got the Plesk backup manager running scheduled back up jobs to a private FTP server without any trouble i've noted that even though that encryption and a very strong password is used at Plesk Backup Manager settings the file can be easily opened without anytrouble using 7-ZIP...
  13. danami

    Resolved Juggernaut Security and Firewall Plesk Addon

    Juggernaut Security and Firewall Extension for Plesk Juggernaut features a SPI firewall, brute force protection, real-time connection tracking, intrusion detection, dynamic block lists, statistics and reporting, modsecurity auditing, country blocking and more cutting-edge technology to handle...
    • danami
    • Thread
    • extension fail2ban firewall modsecurity security
    • Replies: 114
    • Forum: Plesk Extensions
Back
Top