• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Hacking using HORDE!

N

NizzyG

Guest
My hosting company just notified that my server was used for hacking other servers. It was a denial of service attack. I was asked to look into logs and investigate it.

I found out that Horde is the one used for that. if you enabled the Horde as I did and never secured the directory, etc, your server is under watch by hackers as well. Here is the link of that application can be called from.

Basically, horde allows users to run any shell commands. Horde has php shell, sql shell as well as CLI. How nice it is! go figure it out the rest by yourself.

http://www.SITE.com/horde/admin/cmdshell.php

I strongly recommend Plesk to remove the horde from their recommended list of applications.
 
Thank you for notification. I have forwarded it to developers. I will update this thread with any useful information as soon as I receive it.
 
Still under developer's investigation. They are prepare 9.5 release now, therefore not sure that investigation will be fast.
 
Could you please, specify OS, Plesk version and steps to reproduce the issue.
 
You must log in or register to reply here.

Similar threads

Mark12345
Input Solved 502 Bad Gateway Shipstation Plugin AWS TLS NGINX Woocommerce
Replies
0
Views
1K
Mark12345
Mark12345
PeopleInside
Resolved CORS stop to working using HTTP 2 Plesk Plesk Obsidian Version 18.0.52
Replies
17
Views
3K
PeopleInside
PeopleInside
Automata
  • Poll
Input FEATURE REQUEST: Add SSH2 extension to PHP default extensions to improve security.
Replies
2
Views
2K
Automata
Automata
A
Issue Very high Memory high use and very low process
Replies
5
Views
6K
Antrax1
A
B
  • Poll
Issue Force Let'sEncrypt extension to use DNS-01 authentication when issuing a new certificate
Replies
3
Views
4K
TomBoB
T
Back
Top