robharris
Guest
There is a security hole in Plesk 8.4 and 8.6, which allows email accounts to be hijacked by spammers.
Our servers are maintained by RackSpace. The RackSpace engineers have been working on this for weeks in an attempt to identify the source of spam and phishing messages, which are sent through hijacked email accounts. At first they said that the source domain of the spam could not be identified due to a bug in Plesk 8.4 server logs, so we updated to 8.6. (As usual there was an issue with security certificates, which had to be fixed manually at root level, but the update bugs are another issue, which I am sure you are tired of hearing about :-( )
After updating to 8.6, the trouble still occurred and we still could not identify the source domain. From time to time a spammer gains access and sends thousands of phishing messages. Eventually the server mail queue fills up with undeliverables and the mail server slows down or stops working until the mail queue is emptied manually. Left unchecked, the server becomes blacklisted and then legitimate email is blocked.
RackSpace spent many hours searching for a solution. They reported back to us that Plesk was no help to them. I am not surprised at all considering how many complaints you receive on a regular basis and how many bugs seem to be ignored for long periods of time. Finally we found that we are not the only ones having this trouble and we have confirmed that this is a security bug in Plesk. I could not find a thread for this bug in the Plesk forum; however, it appears that someone else has already reported this bug and nothing has been done about it yet. Here is the site where the bug is reported: http://seclists.org/bugtraq/2008/Sep/0001.html
A quick fix for this bug is to change Plesk settings to require long email usernames. If Plesk support does not address this issue soon, we will change the setting and ask our hundreds of hosted clients to change all of their usernames from short to long. I am hoping to avoid this major inconvenience for our hosted clients.
Please respond ASAP to let us know if you are working on this bug and how long it might take to fix it!
Rob Harris
http://ashopwebhosting.com