
0day exploit selling for Plesk <= 10.4.4

Discussion in 'Plesk 10.x for Linux Suggestions and Feedback' started by GunFood, Jul 11, 2012.

  1. GunFood

    Got a mail:

    Plesk 0Day For Sale As Thousands of Sites Hacked
    via Krebs on Security by BrianKrebs on 10.07.12

    Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels Plesk Panel, a software suite used to remotely administer hosted servers at a large number of Internet hosting firms. The attack comes amid reports from multiple sources indicating a spike in Web site compromises that appear to trace back to Plesk installations.

    A hacker selling access to a Plesk exploit.

    A miscreant on one very exclusive cybercrime forum has been selling the ability to hack any site running Plesk Panel version 10.4.4 and earlier. The hacker, a longtime member of the forum who has a history of selling reliable software exploits, has even developed a point-and-click tool that he claims can recover the admin password from a vulnerable Plesk installation, as well as read and write files to the Plesk Panel (see screen shot at right).

    The exploit is being sold for $8,000 a pop, and according to the seller the vulnerability it targets remains unpatched. Multiple other members appear to have used it and vouched for its value.

    It's unclear whether this claimed exploit is related to a rash of recent attacks against Plesk installations. Sucuri Malware Labs, a company that tracks mass Web site compromises, told SC Magazine that some 50,000 sites have recently been compromised as part of a sustained malware injection attack, and that a majority of the hacked sites involved Plesk installations.

    "What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk," Sucuri's Daniel Cid said in a follow-up interview with KrebsOnSecurity.com.

    In a detailed blog post last month about a new technological advancement in BlackHole exploit kits, malware researcher Denis Sinegubko examined more than a dozen sites that were seeded with the newer BlackHole kits. He discovered that the common link was Plesk, and said the culprit was likely a now-patched security hole in Plesk versions prior to 10.4.

    But over the past few days, a number of Plesk users have been flooding the Parallels user forum, complaining of having their servers compromised even though they were running the latest versions of the software.

    Screenshot:
    http://krebsonsecurity.com/wp-content/uploads/2012/07/plesk0day.png
     
  2. LarsenD

    @Parallels: Please post some information ASAP
     
  3. JustForSupport

     
  4. LarsenD

    According to our hosting provider this affects Windows installations only, but I wouldn't rely on that. Definitely need information from Parallels.
     
  5. Knarf

  6. LarsenD

    @Knarf: Thx!
     
  7. Knarf

  8. IgorG
