• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Hacker comes to my plesk server

V

virtualm1

Guest
Hi

I have a big issue for me at the moment..
Plesk installation are corrupted..Hacker installed easyphp and it change any configuration..

Now after lgin I have a message.sometimes I can reproduce...sometimes i can not do it !

I guess is a basic configuration issue..I need to know if I can recover it!! I can not access to back ups, databases, domain.

Plesk is for windows server... can I reinstall???

Any mod can help me?
Thanks in advance
 
this is it.
Fatal error: Uncaught exception 'Zend_Db_Adapter_Exception' with message 'SQLSTATE[28000] [1045] Access denied for user 'admin'@'localhost' (using password: NO)' in C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Pdo\Abstract.php:143 Stack trace: #0 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Abstract.php(417): Zend_Db_Adapter_Pdo_Abstract->_connect() #1 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Pdo\Abstract.php(230): Zend_Db_Adapter_Abstract->query('SELECT 1', Array) #2 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\library\Smb\Application\Abstract.php(96): Zend_Db_Adapter_Pdo_Abstract->query('SELECT 1') #3 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\library\Smb\Application\Web.php(47): Smb_Application_Abstract->_initDbAdapter() #4 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\public\index.php(20): Smb_Application_Web->run() #5 {main} thrown in C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Pdo\Abstract.php on line 143
 
Before attempting to install or reinstall - you need to fully scan and disinfect your machine. If they had access to execute unfiltered PHP on your server, it's possible you have other malware as well. Reinstalling Plesk won't fix that.
 
THANKS..I dit it how can Reinstall plesk 10 SB?

I´m really worried....I can not access to plesk...domain , databases..etc I can see it!!

Please Igor Help me!!
 
Last edited by a moderator:
thanks a lot...Anyway I can not reinstall.. no option



is there a repair mode or something similar?

how can I update a datbase and insert data without plesk and phpadmin??

I guess php configuration is changed and it affects plesk .

With this link you can install a component not previous installed, but You can not remove a component or reinstall plesk, only install a a new component
 
Last edited by a moderator:
virtualm1:
Please try to calm down and explain in details what is the problem, describe symptoms. What is wrong exactly? What Plesk version do you have?
I would recommend to look at Windows Event log in Application and System areas. Also please check Plesk logs (located here: %plesk_dir%\admin\logs). You should check php_error.log and panel.log here. You can send them to me in Private message or directly by email.

Main rule: if you haven't find reason of threat, you will be hacked again even after clean reinstall of whole server. So please investigate why this happened.
 
Ples 10 Small business Windows

When you loggin in ....:login.php next pag show that issue.

ok thanks...I´m glad and suprised with your fast answers..

Ok I´m going to tell you something more.

I Lost my passwords from server.This people install a videoforum in my websyte with easyphp, i´m sure..I unistalled it.

Maybe he changes httpconf o rphp conf etc

I can access to plesk...Now ín going to relax a little more and I ´ll follow your steps.

Thanks for supporting me.

PD: It was a developer that has my keys...Now it´s secure. I change my pass and removed installations .
 
Last edited by a moderator:
2011-01-14T16:20:17+01:00 ERR (3): Can not update admin services subscription: exception 'Smb_Service_Exception' with message 'Execution failed.
Command: websrvmng
 
Last edited by a moderator:
There is a lot of "updates" or small logs Called "Application..""

but I ´ve found this. I guess it is the most important..Anyway I dont see same reference that when i´m login.

I have many small files.which one exactly we need to check? can you check my server? DO you need my ip and passwords?
 
Last edited by a moderator:
Again here

ok I format my system...but I think I have attacks

right now my plesk service is not working,,I restart some times but nothing works

I found this one:



HTTP Error 404.3 - Not Found

The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.


Detailed Error Information



Module

StaticFileModule



Notification

ExecuteRequestHandler



Handler

StaticFile



Error Code

0x80070032





Requested URL

https://localhost:8443/smb/index.php



Physical Path

C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\public\index.php



Logon Method

Anonymous



Logon User

Anonymous




Most likely causes:•It is possible that a handler mapping is missing. By default, the static file handler processes all content.
•The feature you are trying to use may not be installed.
•The appropriate MIME map is not enabled for the Web site or application. (Warning: Do not create a MIME map for content that users should not download, such as .ASPX pages or .config files.)
•If ASP.NET is not installed.


Things you can try:•In system.webServer/handlers: ?Ensure that the expected handler for the current page is mapped.
?Pay extra attention to preconditions (for example, runtimeVersion, pipelineMode, bitness) and compare them to the settings for your application pool.
?Pay extra attention to typographical errors in the expected handler line.

•Please verify that the feature you are trying to use is installed.
• Verify that the MIME map is enabled or add the MIME map for the Web site using the command-line tool appcmd.exe. 1.To set a MIME type, use the following syntax: %SystemRoot%\windows\system32\inetsrv\appcmd set config /section:staticContent /+[fileExtension='string',mimeType='string']
2.The variable fileExtension string is the file name extension and the variable mimeType string is the file type description.
3.For example, to add a MIME map for a file which has the extension ".xyz": appcmd set config /section:staticContent /+[fileExtension='.xyz',mimeType='text/plain']
Warning: Ensure that this MIME mapping is needed for your Web server before adding it to the list. Configuration files such as .CONFIG or dynamic scripting pages such as .ASP or .ASPX, should not be downloaded directly and should always be processed through a handler. Other files such as database files or those used to store configuration, like .XML or .MDF, are sometimes used to store configuration information. Determine if clients can download these file types before enabling them.
•Install ASP.NET.
•Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.


Links and More Information This error occurs when the file extension of the requested URL is for a MIME type that is not configured on the server. You can add a MIME type for the file extension for files that are not dynamic scripting pages, database, or configuration files. Process those file types using a handler. You should not allows direct downloads of dynamic scripting pages, database or configuration files.
View more information »
 
Back
Top