
Install plesk 8.6 from parallel server may be hacked?

Smashing

I installed Plesk 8.6 on Fedora 8 recently. But when I used rkhunter to check the server, the result shows /bin/ls, /bin/netstat, /bin/ps, /bin/find, /usr/bin/md5sum, /usr/bin/pstree, /usr/bin/top, /sbin/ifconfig and /usr/sbin/lsof have been changed, and it found the SHV4 and SHV5 rootkits.
And when I used netstat to check connections, I can't find port 80. Why? httpd is started, but I can't find port 80?
And there is unknown traffic every day.
What happened?
Before I installed Plesk I also used rkhunter to check the server, and everything was fine.
 
Where did you download the Plesk distribution package? Do you really think that the official Plesk installation package has infected files inside?
 
I downloaded parallels_installer_v3.4.1_build090204.18_os_FedoraCore_8_i386 from http://www.parallels.com/download/plesk86/

And I tried it again. I installed a new server and used rkhunter to check it, and everything was OK. But after I installed Plesk, rkhunter found 2 rootkits, and /bin/ls, /bin/netstat, /bin/ps, /bin/find, /usr/bin/md5sum, /usr/bin/pstree, /usr/bin/top, /sbin/ifconfig and /usr/sbin/lsof had been changed.
It seems Plesk changed the files.

I hope the official Plesk package is OK. But everything seems so unusual.
 
But why don't you wish to use the latest Plesk version, 9.3.0?
8.6.0 is a very, very old Plesk.
 
Because I have bought the Plesk 8.6 license. I do not have 9.x.
And I installed it on an Amazon EC2 server. Plesk 9.x seems to have problems installing on EC2.
 
I attached the rkhunter logs from both before and after installing Plesk.
 

That's definitely suspicious, but difficult to say if it's malicious or not. Those warnings are coming up because the immutable bit is set on those binaries, and because you have a non-root UID 0 account (plesk-root). You're definitely running an unsupported OS too (FC8 was EOL'd in 2008 I think).
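
The two conditions named in the reply above (the immutable bit on the binaries and a second UID 0 account) can be checked directly, and comparing the binaries against the RPM database shows whether their contents actually differ from what the packages shipped. This is an added example, not part of the thread; the function names and the sample lines in `demo` are constructed for illustration, and the RPM comparison goes beyond what the reply mentions.

```shell
#!/bin/sh
# Added example (not from the thread). Sample lines in demo() are constructed.

# Binaries rkhunter reported as changed, as listed in the first post.
BINS="/bin/ls /bin/netstat /bin/ps /bin/find /usr/bin/md5sum /usr/bin/pstree /usr/bin/top /sbin/ifconfig /usr/sbin/lsof"

# Non-root accounts with UID 0 in a passwd-format file ("-" reads stdin).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Filter `lsattr` output on stdin: paths whose flag field contains 'i' (immutable).
immutable_paths() {
    awk '$1 ~ /i/ { print $2 }'
}

# Filter `rpm -V` output on stdin: paths whose 3rd result character is '5',
# meaning the file digest differs from the one recorded in the RPM database.
rpm_digest_mismatch() {
    awk 'substr($1, 3, 1) == "5" { print $NF }'
}

# Run the three checks against the live system.
triage() {
    echo "== UID 0 accounts other than root"
    uid0_accounts /etc/passwd
    echo "== immutable bit set"
    lsattr $BINS 2>/dev/null | immutable_paths
    echo "== digest differs from RPM database"
    rpm -Vf $BINS 2>/dev/null | rpm_digest_mismatch | sort -u
}

# Same filters on constructed input, so the script runs on any machine.
demo() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'plesk-root:x:0:0::/root:/bin/bash' | uid0_accounts -
    printf '%s\n' '----i-------- /bin/ls' '------------- /bin/cat' | immutable_paths
    printf '%s\n' 'S.5....T  /bin/ps' '.......T  c /etc/example.conf' | rpm_digest_mismatch
}

if [ "${1:-}" = "--live" ]; then triage; else demo; fi
```

On a host that may already be compromised, run the checks with known-good tools (for example from a rescue image), since the system's own rpm, awk, lsattr and local RPM database are untrusted in that state.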
 
I know Fedora 8 is old. But the official Amazon EC2 AMIs only have a Fedora 8 version. I only trust AMIs from Amazon, so this is the only choice. My system is built from the official Amazon AMI and I only used yum to install rkhunter and tripwire before installing Plesk 8.6. And I did those steps within 2 hours. And plesk-root was added after I installed Plesk.

I really have no idea what happened. I will try to install Plesk on my own server. And maybe I will download the full install package locally and install it.
 