
Install plesk 8.6 from parallel server may be hacked?

Smashing

New Pleskian
I installed Plesk 8.6 on Fedora 8 recently. But when I used rkhunter to check the server,
the result shows that /bin/ls, /bin/netstat, /bin/ps, /bin/find, /usr/bin/md5sum, /usr/bin/pstree, /usr/bin/top,
/sbin/ifconfig and /usr/sbin/lsof have been changed, and it found the SHV4 and SHV5 rootkits.
And when I used netstat to check connections, I can't find port 80. Why? httpd is started, but I can't find port 80??
And there is unknown traffic every day.
What happened?
Before I installed Plesk I also used rkhunter to check the server, and everything was fine.
 
Where did you download the Plesk distribution package? Do you really think that the official Plesk installation package has infected files inside?
 
I downloaded parallels_installer_v3.4.1_build090204.18_os_FedoraCore_8_i386 from http://www.parallels.com/download/plesk86/

And I tried it again. I installed a new server and used rkhunter to check it, and everything was OK. But after I installed Plesk, rkhunter found 2 rootkits, and /bin/ls, /bin/netstat, /bin/ps, /bin/find, /usr/bin/md5sum, /usr/bin/pstree, /usr/bin/top, /sbin/ifconfig and /usr/sbin/lsof have been changed.
It seems Plesk changed the files.

I hope the official Plesk package is OK. But everything seems so unusual.
 
But why don't you wish to use the latest 9.3.0 Plesk version?
8.6.0 is a very, very old Plesk.
 
Because I have bought the Plesk 8.6 license. I do not have 9.x.
And I installed it on an Amazon EC2 server. Plesk 9.x seems to have problems installing on EC2.
 
I attached the rkhunter logs from both before and after installing Plesk.
 

Attachments

  • rkhunter result.zip
    20.6 KB · Views: 2
That's definitely suspicious, but it's difficult to say if it's malicious or not. Those warnings are coming up because the immutable bit is set on those binaries, and because you have a non-root UID 0 account (plesk-root). You're definitely running an unsupported OS too (FC8 was EOL'd in 2008 I think).
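The two conditions named in the reply above (the immutable bit on the flagged binaries and a second UID 0 account) can be checked directly, alongside an RPM verification of the same files. This is an added example, not part of the thread; the function names are made up for illustration, and it assumes an RPM-based system with `lsattr` available.

```sh
#!/bin/sh
# Added triage example (not from the thread). Function names are hypothetical.
# The binary list is the one rkhunter flagged in the original post.
BINARIES="/bin/ls /bin/netstat /bin/ps /bin/find /usr/bin/md5sum
/usr/bin/pstree /usr/bin/top /sbin/ifconfig /usr/sbin/lsof"

# Print every account with UID 0 other than "root" from a passwd-format file.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Read `lsattr` output on stdin ("<flags> <path>" per line) and print the
# paths whose flag field contains the immutable attribute (lowercase i).
immutable_paths() {
    awk '$1 ~ /i/ { print $2 }'
}

# Run all three checks on the live system. If the host really is compromised,
# local tools (md5sum is on the flagged list) cannot be trusted, so results
# obtained this way are an indication, not proof of a clean system.
triage() {
    echo "== non-root UID 0 accounts =="
    uid0_accounts /etc/passwd

    echo "== flagged binaries with the immutable bit set =="
    if command -v lsattr >/dev/null 2>&1; then
        # Word splitting of $BINARIES is intended here.
        lsattr $BINARIES 2>/dev/null | immutable_paths
    fi

    echo "== flagged binaries that differ from the RPM database =="
    if command -v rpm >/dev/null 2>&1; then
        for f in $BINARIES; do
            # rpm -Vf verifies the package owning $f; keep only the line
            # for this file (last field is the path).
            [ -e "$f" ] && rpm -Vf "$f" 2>/dev/null | awk -v p="$f" '$NF == p'
        done
    fi
    return 0
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    triage
fi
```

Running the script with `--run` before and after the Plesk install gives a direct diff of which of these three conditions the installer introduced.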
 
I know Fedora 8 is old. But the official Amazon EC2 AMIs only have a Fedora 8 version. I only trust AMIs from Amazon, so this is the only choice. My system is built from the official Amazon AMI and I only used yum to install rkhunter and tripwire before installing Plesk 8.6. And I did those steps within 2 hours. And plesk-root was added after I installed Plesk.

I really have no idea what happened. I will try to install Plesk on my own server. And maybe I will download the full install package locally and install it.
 