
Discussion of plesk ui usability

+1

What he said

As far as I see it there is only 1 solution to "fix" Plesk:

Admit that 11 and 10 are mistakes, take the losses and move on. Technically they might be ok but UI-wise they are the biggest mistake since the invention of the chocolate coffeepot.

You will never ever fix something by adding more stuff to it. Sometimes you need to be able to let go of a mistake and start over. For Plesk that is not even needed because there was a version with a clean and very usable interface. That was Plesk 8.6. True, it missed a lot of things like reseller/client tiers, IPv6, SNI, etc... but things that are missing can be added.

So I would say:
Get the code back out from Plesk 8.6 and build on that. Maybe not the code, but the user interface setup idea behind it: 1 single page as a starting point to manage a domain with everything a domain possibly could have on that page and the ability to hide unwanted buttons.

Every country has its own tax rules, VAT rules, invoice rules, etc... the whole customer/subscription setup is only unwanted extra complication to everyone that doesn't use the Customer & Business Manager.

We professionals need a hosting control panel, not a hosting/semi-invoicing panel. I know it is possible to not install the Customer & Business Manager, but if I choose to not install it, I don't want the remains from it either.

regards
Jan

Parallels Certified Automation Professional
Plesk Platinum Partner
Plesk user since v 1.3.1
 
Misunderstanding

Uhhhm, the image may look like it is more than one page, but on my screen (large) it is not, it fits all on one page!
 
Error: Unable to switch to the Power User view because there are customer or reseller accounts created in Panel.

That answer illustrates perfectly that Parallels has no idea what we, your paying customers, are talking about. What good is a hosting control panel in which I cannot create resellers?
Please continue ignoring our wishes, all the way up to the point that we start ignoring your product.

regards
Jan

Exactly.

Ever try to create a subscription as a reseller? Oh wait, you can't. You have to create it as admin then change its ownership then re-IP it because the IP address can't move from you to the reseller if it's exclusive.
 
As far as I see it there is only 1 solution to "fix" Plesk:

Admit that 11 and 10 are mistakes, take the losses and move on. Technically they might be ok but UI-wise they are the biggest mistake since the invention of the chocolate coffeepot.

Perfectly accurate!

We've been using it since 7 and our customers are more pissed off than ever about the interface.

But hey, Web Host Magazine says version 11.5 is the best thing since sliced bread. Remind me to never rely on anything they've reviewed, ever.
 

Clearly Web Host Magazine's editors have never actually worked at a web host or used Plesk. The best part of the article is them describing how 'easy' it is to upgrade to 11.5. They have obviously never upgraded Plesk or they'd have killed themselves before finishing the article.

Oh, by the way, new remote exploit for Plesk 9 was published today on the Full Disclosure mailing list; thanks!
 
Clearly Web Host Magazine's editors have never actually worked at a web host or used Plesk.
Any proof?

Oh, by the way, new remote exploit for Plesk 9 was published today on the Full Disclosure mailing list; thanks!

http://seclists.org/fulldisclosure/2013/Jun/25

As best I can tell, this exploit only works on very specific configurations that may or may not actually be related to Plesk; I'm not able to tell because I have not found a version of Plesk that the vulnerability worked on to be able to determine why.

BTW, http://www.parallels.com/products/plesk/lifecycle/

End of Life & Support for Plesk 9 - June 9, 2013
 
Any proof?

Yes, the fact that I've been using Plesk for nearly ten years, have been doing hosting for even longer, and know that it gets worse and more difficult to support with each release. Oh yeah, tell me how often Plesk 8 had remote compromises? Those have increased steadily with the newer versions too. Don't even get me started on the billing system; we've had tickets about how broken that is last weeks before they get resolved, including a current one that has been 'escalated' several times and no one can seem to figure it out.

In summation, anyone who has actually worked with Plesk for a long time, and does hosting, would certainly not feel it comes anywhere close to award-worthy; hence, they must not actually work in the hosting industry.

Not sure what your point is. That post seems to suggest that there are valid configurations that could produce the vulnerability, AND, if you had paid attention to any of the other discussion of that same thread both on the mailing list and on Reddit, you'd know that the vulnerable configuration definitely existed in some versions of Plesk 9. But hey, if you think releasing a web-based software product with the following configuration:

scriptAlias /phppath/ "/usr/bin/"

is a good idea, more power to you, that just goes to show why we can't trust Plesk to be secure. What kind of company would think giving remote attackers a way to call binaries in /usr/bin would be a good idea to begin with?!?!

BTW, http://www.parallels.com/products/plesk/lifecycle/

End of Life & Support for Plesk 9 - June 9, 2013

Everyone knows it's no longer supported. The fact that people knowingly choose to continue using Plesk 8 and 9 is a testament to how bad 10 and 11 are in comparison, or just to how horrible the upgrade process is and how often it goes wrong.
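An added example, not part of any post in this thread: a small audit that flags the kind of directive quoted above, where a ScriptAlias target is a system binary directory. The sample configuration, function names and the list of directories are assumptions made for illustration.

```python
import re
import shlex

# Assumed list of system executable directories that should never be a CGI root.
SYSTEM_BIN_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin",
                   "/usr/local/bin", "/usr/local/sbin"}

# Apache directive names are case-insensitive ("scriptAlias" is valid).
DIRECTIVE = re.compile(r"^\s*(ScriptAlias(?:Match)?)\s+(.*)$", re.IGNORECASE)


def normalize(path):
    """Collapse repeated slashes and drop the trailing one."""
    return re.sub(r"/+", "/", path).rstrip("/") or "/"


def find_risky_script_aliases(config_text):
    """Return (line_number, url_prefix, target) for each ScriptAlias or
    ScriptAliasMatch whose target is, or lies inside, a system bin directory."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue  # comments and unrelated directives
        try:
            args = shlex.split(match.group(2))  # handles quoted paths
        except ValueError:
            continue  # unbalanced quotes: not a usable directive
        if len(args) != 2:
            continue
        url_prefix, target = args[0], normalize(args[1])
        inside = any(target.startswith(d + "/") for d in SYSTEM_BIN_DIRS)
        if target in SYSTEM_BIN_DIRS or inside:
            findings.append((lineno, url_prefix, target))
    return findings


# Constructed sample configuration, not taken from a real Plesk installation.
SAMPLE_CONFIG = '''\
# constructed sample
ScriptAlias /cgi-bin/ "/var/www/vhosts/example.tld/cgi-bin/"
scriptAlias /phppath/ "/usr/bin/"
# ScriptAlias /old/ "/usr/bin/"
ScriptAliasMatch ^/tools/(.*) /usr/local/bin/$1
'''

if __name__ == "__main__":
    for lineno, prefix, target in find_risky_script_aliases(SAMPLE_CONFIG):
        print(f"line {lineno}: {prefix} -> {target}")
```

The check works on text only, so a target that reaches a bin directory through a symlink needs a separate check on the server itself.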
 
Is your calendar broke? Last time I looked on mine it was June 6 and my teacher in first grade told me that 6 comes before 9.

And tbh, it doesn't matter if it's end of life or not. You know just as I do that a lot of people still use older Plesk versions and it's your software so it's your responsibility.

regards
Jan


Jan, I think it is too easy to put the blame on Parallels. Companies chose to run the older versions (probably because upgrading brings a lot of unwanted stress on support desk / admins, customers), but we all know, I think, that the best way to do it is to upgrade.

I know from experience that upgrading Plesk can be a pain in the *** but it is the only way to keep it safe. Other panels also have their exploits if you do not upgrade.
 
Is your calendar broke? Last time I looked on mine it was June 6 and my teacher in first grade told me that 6 comes before 9.
Sorry, but if you cannot understand it, it was just a reminder.
 
You cannot migrate in a domain with an 'A' record for the 'www' as Plesk Designers have decided it should use a CNAME contrary to historical preferences. So instead of 'www' A 109.104.xx.xx they want it to have www CNAME www.domainname......! This causes a failure to migrate the domain, despite the fact it imports the mail accounts but you can't see them unless you look in the USERS option.

We checked this case on transfer (migration) to 11.5.29 - domain with 'A' record for 'www' is migrated without problems (but with non-critical warning - warning will be fixed in one of the upcoming updates).

Detailed steps:
1. create subscription with domain in one of the previous Plesk versions
2. remove 'CNAME' record for 'www' and create 'A' record for 'www'
3. transfer (migrate) domain to Plesk 11.5.29

DemonLee, could you specify your Plesk versions installed on source and destination servers and detailed steps?

Thanks!
 
With an ALIAS domain, it DOES NOT correctly configure domainname CNAME conicalurl so the alias does NOT work and guess what - within PLESK it WILL NOT permit you to CHANGE the DNS on the ALIAS Domain... DUH!

DemonLee, am I right, Plesk has two problems here:
1. DNS zone for ALIAS domain has wrong records
2. It is impossible to change DNS records for ALIAS domain

Could you describe what is wrong with the first item? As I see it, in Plesk 11.5 the DNS zone for the domain has the following records:
10.10.10.10 / 24 PTR alias.kriogen.tld.
alias.kriogen.tld. NS ns.alias.kriogen.tld.
alias.kriogen.tld. A 10.10.10.10
alias.kriogen.tld. MX (10) mail.alias.kriogen.tld.
alias.kriogen.tld. TXT v=spf1 +a +mx -all
ftp.alias.kriogen.tld. CNAME alias.kriogen.tld.
ipv4.alias.kriogen.tld. A 10.10.10.10
mail.alias.kriogen.tld. A 10.10.10.10
ns.alias.kriogen.tld. A 10.10.10.10
sub.alias.kriogen.tld. A 10.10.10.10
webmail.alias.kriogen.tld. A 10.10.10.10
www.alias.kriogen.tld. CNAME alias.kriogen.tld.

Thanks
 
You used to be able to have an independent cgi-bin for each subdomain, which resides outside of httpdocs just like the main site, now you can no longer do that. cgi-bin is either shared with the main site or inside the subdomain's document root, preventing you from setting up subdomains that mirror the main domain, which is quite handy for development and is now impossible.

Hostasaurus.Com, we have separated 'cgi-bin' for domain and subdomain in Plesk 11.5.29:

# find /var/www/vhosts/ -name "cgi-bin" |grep kriogen
/var/www/vhosts/kriogenttest.tld/sub.kriogenttest.tld/cgi-bin
/var/www/vhosts/kriogenttest.tld/httpdocs/cgi-bin
#

Hostasaurus.Com, which Plesk version do you use?

Thanks!
 
Oh yeah, tell me how often Plesk 8 had remote compromises?
Plesk 8 is vulnerable to almost every Plesk security issue published within the last 2 years. We even shipped security updates to discontinued 7.x versions despite it being very, very expensive for us. So to be clear - Plesk 8 isn't any more secure than any later version. Proof is simple - open the KB, search for security and see the list of impacted versions.

Yes, back in 2006 Plesk was much less common and there was much less hacking activity worldwide, so nobody wanted to exploit Plesk - not much benefit at that time. The world is different now. It is so cheap to book a DDoS on someone's site. Hackers need to feed botnets of all kinds - servers for spam, servers for DDoS. And with current volumes of Plesk - yes, there will be more and more effort invested in breaking it.

Regards
 
Plesk 8 is vulnerable to almost every Plesk security issue published within the last 2 years. We even shipped security updates to discontinued 7.x versions despite it being very, very expensive for us. So to be clear - Plesk 8 isn't any more secure than any later version. Proof is simple - open the KB, search for security and see the list of impacted versions.

Yes, back in 2006 Plesk was much less common and there was much less hacking activity worldwide, so nobody wanted to exploit Plesk - not much benefit at that time. The world is different now. It is so cheap to book a DDoS on someone's site. Hackers need to feed botnets of all kinds - servers for spam, servers for DDoS. And with current volumes of Plesk - yes, there will be more and more effort invested in breaking it.

Regards

Got it, so you're saying Plesk is likely full of vulnerabilities and they just weren't found before because it was less popular.
 
Hostasaurus.Com, we have separated 'cgi-bin' for domain and subdomain in Plesk 11.5.29:

# find /var/www/vhosts/ -name "cgi-bin" |grep kriogen
/var/www/vhosts/kriogenttest.tld/sub.kriogenttest.tld/cgi-bin
/var/www/vhosts/kriogenttest.tld/httpdocs/cgi-bin
#

Hostasaurus.Com, which Plesk version do you use?

Thanks!

I sure as hell don't use 11.5, and if you'd look at your support queue you'd know why.
 
The biggest change you can make is stop with the cartoonish UI. I don't know why you chose to make it look very bubbly/elaborate. Simple colors, simple looks, simple to use. Design the UI with the user in mind not how pretty we "think" we can make it (I am not a fan of the look at all though).
 
Bring the previous model back

Linulex, just switch to Power User Mode and forget about customers, subscriptions, plans and so on.

This answer leads me to believe that you people have no idea what the problem is.
It's like you don't even try/use your own product.

We the Administrators/Hosters/...etc need a simple panel with clearly marked options/segments.

The Plesk 8/9 model was just fine:
Reseller > Client > Domain > {mail,db,apps,files...etc}

Why in the name of Linus did you have to break it so badly ??

Now Chaos is upon us. Nothing works correctly.
- Users logging in to the panel can see the rest of the users' details.
- Resellers and Customers do NOT expire, EVER. They don't have an expiration date.
They can roam free on my server and f@@@ all my resources INDEFINITELY.
- There is no Client.
- There is no Domain, which is the Fundamental Unit of Measurement in the webhosting world.

The only good thing I can think of, is the password encryption and security enhancements in general.
Why didn't you just do the security enhancements ?? WHY ????
 