• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

find a UDP threat

W

wildwilla

New Pleskian
Hiya All

My ISP ha just contacted me to say one of our hosted VPS Plesk severs has a UDP attack emanating from it.

How best can i trouble shoot this ?

the server runs plesk "Parallels Plesk Panel version 9.5.4"
 
Last edited:
Sounds similar to what I had to deal with yesterday. There are two avenues that you need to take -- what's causing the UDP flood and how it is being caused.

I suspect you need to look for created this week that container code similar to:
eval(urldecode(@$_REQUEST['encoded_bad_stuff']

We had 3 servers that had a few hundred of these files created through an exploit in Plesk Panel on Tuesday evening. Yesterday, those files were accessed and triggered a UDP flood on our network.

Talk to parallels support about the hotfix issued last night for 9.5.4 that supposedly resolves the sql injection vulnerability in Plesk Panel.

more information on my situation in this other thread:
http://forum.parallels.com/showthread.php?t=257260
 
You must log in or register to reply here.

Similar threads

V
Issue Unable to access Plesk panel and retrieve license key on Contabo VPS
Replies
1
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
F
Question Question regarding outgoing email limits
Replies
2
Views
616
flex1
F
T
Issue Stop Plesk Brute Force Attacks NOW: Cloudflare + Windows Server Fix
Replies
2
Views
3K
Fahad009
Fahad009
O
Resolved Extension purchase error - Your current serial number could not be found
Replies
2
Views
1K
odisse
O
N
Issue Issues with migration from web host to web admin
Replies
2
Views
1K
nelteren
N
Back
Top