LinqLOL
Basic Pleskian
Well there are 2 issues here in general:
Installation possible bypassing Plesk (and Customers)
I do understand when you have the Imunify extension activated/installed on purpose the extension party (CloudLinux) has the power to make changes to our system. The problem here is of course Plesk gives full power to an extension supplier which makes major (unwanted) changes to servers which do not have the extension enabled. This makes supply-chain attacks very easy.
Downsizing the issue
I see that Plesk and CloudLinux are downsizing the problem. They totally ignored the above points. The fact is that we have seen servers where files are uploaded to CL servers EVEN without us having a license. This might be a sign there is no open culture about security in Plesk. F*ckups can be made (been there, done that). But get your act together, apologize and tell us what you're gonna do to prevent these kinds of incidents. Running an internet business is hard enough already without vendors causing havoc.