
HOWTO secure plesk on rhel

webcie

Guest
Hello,

One of our servers has been hacked today. Currently we are working to get the sites back online.

Does anyone have a best practice for how to secure Plesk on RHEL?

A few things come to mind:
How can I prevent scripts in /tmp being executed?
Can I safely change permissions on perl to 700?
How can I prevent the apache user from running shell scripts?

thanks


Jef
 
Good question dude, I'd like to know a little too :D

I did get Mod_security installed on the box I work with at least =)
 
Any useful info to get it installed? Or was it just a standard installation?


Jef
 
Do you know how it was hacked? It sounds like it was an application vault security hole or custom PHP app?

Try to keep the version of Plesk up to date and use a firewall to protect access to your server. Never open SSH up to users, don't use password authentication for SSH; use RSA keys.

Maybe only allow port 80, 443 and 53 in to your plesk server.
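
The two checks suggested in the reply above (no SSH password logins, only ports 80, 443 and 53 accepted), as an added example that is not part of the original thread. The function names and sample inputs are constructed for illustration, and the firewall rules are assumed to be in `iptables-save` format.

```shell
#!/bin/sh
# Added example: audits config text against the advice in the reply above.

# Effective global PasswordAuthentication setting. sshd keeps the first value
# it reads for a keyword; with no line at all the built-in default is "yes".
sshd_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # later lines are conditional overrides
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Destination ports accepted on the INPUT chain (iptables-save format) that are
# not on the allow-list; default list is 80, 443 and 53 as in the reply.
# ACCEPT rules without a port match are not evaluated here.
unexpected_accept_ports() {
    awk -v allow="${2:-80,443,53}" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" || $i == "--dports") {
                    m = split($(i + 1), p, ",")
                    for (j = 1; j <= m; j++) if (!(p[j] in ok)) print p[j]
                }
        }
    ' "$1" | sort -n -u
}

# Constructed sample inputs, not taken from the thread.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/sshd_config" <<'EOF'
# PasswordAuthentication no
Protocol 2
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat > "$demo/rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,8443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

echo "PasswordAuthentication: $(sshd_password_auth "$demo/sshd_config")"
echo "Unexpected open ports: $(unexpected_accept_ports "$demo/rules" | tr '\n' ' ')"
```

The sample `sshd_config` reports `yes` even though a later line says `no`, because sshd uses the first value it reads. A second argument to `unexpected_accept_ports` replaces the default allow-list, for example to include the Plesk panel port 8443.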
 
That's the problem. The machine was up2date. Both OS and Plesk were patched. I'm using a firewall and still the evil guy managed to upload and execute scripts. While doing that he or she was able to delete the /var/log folder, which requires root access afaik.

I want to lockdown the server:
*files can be uploaded but should not be executable
*I'd like to shut down perl, as almost none of my clients use it and the ones using it I can put together on one server.
*I want to remove any rpm that isn't absolutely required for running standard Plesk.
*...

We did get only one complaint due to our fast communication but I want to avoid these situations. I can live with hardware failure but not with ... ;-)

Jef
 