• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Hacked and replaced by linkbucks.com

H

HansUnland

New Pleskian
Hello All.

My server runs CentOS 6 with Parallels Plesk Panel 11.0.9. Yesterday it was hacked. All index.* and some main.* files were replaced by a page referring to linkbucks.com. Not only the files of my clients, for which I have backups. But also the plesk installation, mail-server and probably some others are defective. Is this caused by a known vulnerability?

Kind regards
Hans
 
Last edited:
Hello Igor,

Thanks for your answer. I did not write that the vulnerability came from Plesk. I simply asked whether there is something known.

Kind regards
Hans
 
Hello,

I will suggest you applies some security to your server so that you should not face any issues with the server security. Please check the following and update it on your server,

1) Your server is hacked so please change all account password
2) Check your server kernel and update it to latest version
3) Install mod security on your server with the apache
4) Install Linux Malware Detect (LMD) on your server and setup the cron for weekly scanning : http://www.rfxn.com/projects/linux-malware-detect/
5) Install firewall and open only require port : Plesk port list : http://kb.parallels.com/en/391
6) secure SSHD service
7) Disable the some risky php function in your server php.ini file
 
Hello,

In between I recreated my server completely. Don't know exactly which way the intruder took. But I guess it was a plain FTP account. Ok, I know, I know, that's stupid. But a friend wanted to send me some big files and was not familiar with SFTP. Will never do this mistake. Meanwhile my server had never been attacked.

Many thanks for your answers.

Kind regards
Hans
 
You must log in or register to reply here.

Similar threads

R
Issue UFW turned off and Fail2Ban suddenly completely missing from Plesk Panel -- Very Concerning
Replies
4
Views
2K
regenix
R
L
Resolved Plesk adding hex data to index.php after change of httpdocs folder
Replies
10
Views
693
Liberator
L
R
Resolved WP Toolkit/Wordpress Toolkit - older version screenshot issue
Replies
4
Views
1K
rhall
R
kristobal1969
Resolved Impossible to update ubuntu 22.04.5 LTS after installation of plesk 18.0.64 #1 error mail message 404 on online.net server (dedibox from scaleway) FR
Replies
1
Views
1K
kristobal1969
kristobal1969
E
Issue Abnormal CPU usage and Apache crash
Replies
13
Views
4K
MartinT
M
Back
Top