1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Hacker comes to my plesk server

Discussion in 'Plesk 10.x for Windows Suggestions and Feedback' started by virtualm1, Feb 25, 2012.

  1. virtualm1

    virtualm1 Guest

    0
     
    Hi

    I have a big issue for me at the moment..
    Plesk installation are corrupted..Hacker installed easyphp and it change any configuration..

    Now after lgin I have a message.sometimes I can reproduce...sometimes i can not do it !

    I guess is a basic configuration issue..I need to know if I can recover it!! I can not access to back ups, databases, domain.

    Plesk is for windows server... can I reinstall???

    Any mod can help me?
    Thanks in advance
     
  2. virtualm1

    virtualm1 Guest

    0
     
    this is it.
    Fatal error: Uncaught exception 'Zend_Db_Adapter_Exception' with message 'SQLSTATE[28000] [1045] Access denied for user 'admin'@'localhost' (using password: NO)' in C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Pdo\Abstract.php:143 Stack trace: #0 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Abstract.php(417): Zend_Db_Adapter_Pdo_Abstract->_connect() #1 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Pdo\Abstract.php(230): Zend_Db_Adapter_Abstract->query('SELECT 1', Array) #2 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\library\Smb\Application\Abstract.php(96): Zend_Db_Adapter_Pdo_Abstract->query('SELECT 1') #3 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\library\Smb\Application\Web.php(47): Smb_Application_Abstract->_initDbAdapter() #4 C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\public\index.php(20): Smb_Application_Web->run() #5 {main} thrown in C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\externals\Zend\Db\Adapter\Pdo\Abstract.php on line 143
     
  3. shall

    shall Regular Pleskian

    26
    57%
    Joined:
    Apr 2, 2007
    Messages:
    226
    Likes Received:
    0
    Before attempting to install or reinstall - you need to fully scan and disinfect your machine. If they had access to execute unfiltered PHP on your server, it's possible you have other malware as well. Reinstalling Plesk won't fix that.
     
  4. virtualm1

    virtualm1 Guest

    0
     
    THANKS..I dit it how can Reinstall plesk 10 SB?

    I´m really worried....I can not access to plesk...domain , databases..etc I can see it!!

    Please Igor Help me!!
     
    Last edited by a moderator: Feb 26, 2012
  5. shall

    shall Regular Pleskian

    26
    57%
    Joined:
    Apr 2, 2007
    Messages:
    226
    Likes Received:
    0
    This KB article has the Windows auto installer - while it says 10.3, it actually automatically selects the most current version (currently 10.4.4):
    http://kb.parallels.com/en/111593
     
  6. virtualm1

    virtualm1 Guest

    0
     
    thanks a lot...Anyway I can not reinstall.. no option



    is there a repair mode or something similar?

    how can I update a datbase and insert data without plesk and phpadmin??

    I guess php configuration is changed and it affects plesk .

    With this link you can install a component not previous installed, but You can not remove a component or reinstall plesk, only install a a new component
     
    Last edited by a moderator: Feb 26, 2012
  7. PavelV

    PavelV Plesk for Windows Staff Member

    28
     
    Joined:
    Nov 15, 2010
    Messages:
    251
    Likes Received:
    15
    virtualm1:
    Please try to calm down and explain in details what is the problem, describe symptoms. What is wrong exactly? What Plesk version do you have?
    I would recommend to look at Windows Event log in Application and System areas. Also please check Plesk logs (located here: %plesk_dir%\admin\logs). You should check php_error.log and panel.log here. You can send them to me in Private message or directly by email.

    Main rule: if you haven't find reason of threat, you will be hacked again even after clean reinstall of whole server. So please investigate why this happened.
     
  8. virtualm1

    virtualm1 Guest

    0
     
    Ples 10 Small business Windows

    When you loggin in ....:login.php next pag show that issue.

    ok thanks...I´m glad and suprised with your fast answers..

    Ok I´m going to tell you something more.

    I Lost my passwords from server.This people install a videoforum in my websyte with easyphp, i´m sure..I unistalled it.

    Maybe he changes httpconf o rphp conf etc

    I can access to plesk...Now ín going to relax a little more and I ´ll follow your steps.

    Thanks for supporting me.

    PD: It was a developer that has my keys...Now it´s secure. I change my pass and removed installations .
     
    Last edited by a moderator: Feb 26, 2012
  9. virtualm1

    virtualm1 Guest

    0
     
    2011-01-14T16:20:17+01:00 ERR (3): Can not update admin services subscription: exception 'Smb_Service_Exception' with message 'Execution failed.
    Command: websrvmng
     
    Last edited by a moderator: Mar 4, 2012
  10. virtualm1

    virtualm1 Guest

    0
     
    There is a lot of "updates" or small logs Called "Application..""

    but I ´ve found this. I guess it is the most important..Anyway I dont see same reference that when i´m login.

    I have many small files.which one exactly we need to check? can you check my server? DO you need my ip and passwords?
     
    Last edited by a moderator: Feb 27, 2012
  11. virtualm1

    virtualm1 Guest

    0
     
    Again here

    ok I format my system...but I think I have attacks

    right now my plesk service is not working,,I restart some times but nothing works

    I found this one:



    HTTP Error 404.3 - Not Found

    The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.


    Detailed Error Information



    Module

    StaticFileModule



    Notification

    ExecuteRequestHandler



    Handler

    StaticFile



    Error Code

    0x80070032





    Requested URL

    https://localhost:8443/smb/index.php



    Physical Path

    C:\Program Files (x86)\Parallels\Plesk\admin\smb\application\public\index.php



    Logon Method

    Anonymous



    Logon User

    Anonymous




    Most likely causes:•It is possible that a handler mapping is missing. By default, the static file handler processes all content.
    •The feature you are trying to use may not be installed.
    •The appropriate MIME map is not enabled for the Web site or application. (Warning: Do not create a MIME map for content that users should not download, such as .ASPX pages or .config files.)
    •If ASP.NET is not installed.


    Things you can try:•In system.webServer/handlers: ?Ensure that the expected handler for the current page is mapped.
    ?Pay extra attention to preconditions (for example, runtimeVersion, pipelineMode, bitness) and compare them to the settings for your application pool.
    ?Pay extra attention to typographical errors in the expected handler line.

    •Please verify that the feature you are trying to use is installed.
    • Verify that the MIME map is enabled or add the MIME map for the Web site using the command-line tool appcmd.exe. 1.To set a MIME type, use the following syntax: %SystemRoot%\windows\system32\inetsrv\appcmd set config /section:staticContent /+[fileExtension='string',mimeType='string']
    2.The variable fileExtension string is the file name extension and the variable mimeType string is the file type description.
    3.For example, to add a MIME map for a file which has the extension ".xyz": appcmd set config /section:staticContent /+[fileExtension='.xyz',mimeType='text/plain']
    Warning: Ensure that this MIME mapping is needed for your Web server before adding it to the list. Configuration files such as .CONFIG or dynamic scripting pages such as .ASP or .ASPX, should not be downloaded directly and should always be processed through a handler. Other files such as database files or those used to store configuration, like .XML or .MDF, are sometimes used to store configuration information. Determine if clients can download these file types before enabling them.
    •Install ASP.NET.
    •Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.


    Links and More Information This error occurs when the file extension of the requested URL is for a MIME type that is not configured on the server. You can add a MIME type for the file extension for files that are not dynamic scripting pages, database, or configuration files. Process those file types using a handler. You should not allows direct downloads of dynamic scripting pages, database or configuration files.
    View more information »
     
Loading...