• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Login plesk 'admin' lock attack possible ?

B

BoXie

Guest
Hi,

Is this possible ? If yes ... please fix this a.s.a.p. !!!!

Situation:
-------------
I look for a Plesk hoster find his login-screen and start a login procedure for 'admin' every 20 seconds. After X-times .. admin account will be locked for about 30 minutes.

After that I go back and lock the admin account again (by logging in 3 times with wrong credentials.).

This way, Plesk admin's cannot access their Plesk anymore (at least .. not that simple).

Can Plesk hosters be harassed like this in combination with a simple script ?

SO: is admin-locking IP-sensitive or not ?

If not --> serious problem.
 
You can lock down admin logins to use a blacklist whitelist if you go to SERVER->ACCESS. If someone were to try this, you could simply blacklist their IP, or whitelist your own range, and block everyone else. The server admin can always unlock a session by removing it from the DB as well.

Just like any DoS attack, mitigation at the network level is key.
 
You must log in or register to reply here.

Similar threads

burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
1K
Peter Debik
P
G
Question WP installs are quarantined daily.
Replies
4
Views
592
Bobbbb
B
D
Issue The file /opt/psa/admin/htdocs/login.php is part of Plesk distribution. It cannot be run outside of Plesk environment.
Replies
0
Views
2K
Deveoo
D
G
Resolved Server Error 500 Plesk\Lock\Exception
2
Replies
26
Views
18K
GMastaP
G
D
Issue Plesk Won't load (certain pages)/with power user mode -on
Replies
0
Views
995
DamsCommerce
D
Back
Top