• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Login plesk 'admin' lock attack possible ?

B

BoXie

Guest
Hi,

Is this possible ? If yes ... please fix this a.s.a.p. !!!!

Situation:
-------------
I look for a Plesk hoster find his login-screen and start a login procedure for 'admin' every 20 seconds. After X-times .. admin account will be locked for about 30 minutes.

After that I go back and lock the admin account again (by logging in 3 times with wrong credentials.).

This way, Plesk admin's cannot access their Plesk anymore (at least .. not that simple).

Can Plesk hosters be harassed like this in combination with a simple script ?

SO: is admin-locking IP-sensitive or not ?

If not --> serious problem.
 
You can lock down admin logins to use a blacklist whitelist if you go to SERVER->ACCESS. If someone were to try this, you could simply blacklist their IP, or whitelist your own range, and block everyone else. The server admin can always unlock a session by removing it from the DB as well.

Just like any DoS attack, mitigation at the network level is key.
 
You must log in or register to reply here.

Similar threads

Z
Issue Major security inconsistency in Plesk admin access control logic
Replies
7
Views
1K
zigzag
Z
Jürgen_T
Question Massive Brute-Force Attacks on Plesk Panel – Looking for Additional Protection Measures
Replies
15
Views
4K
Franky H
F
P
Question Plesk login 8443 cannot be called up
Replies
8
Views
3K
Kaspar@Plesk
Kaspar@Plesk
P
Forwarded to devs Event 'CP User Login' triggered despite invalid additional authentication step (MFA)
Replies
2
Views
1K
Kaspar@Plesk
Kaspar@Plesk
J
Resolved Can't login at Plesk admin panel (Plesk Onyx 17.0.17)
Replies
6
Views
11K
JVG
J
Back
Top