
Looking for the howto 'How to prevent your server from getting hacked all day long'

Discussion in 'Plesk for Windows - 8.x and Older' started by jetnet, Aug 29, 2006.

  1. jetnet

    jetnet Guest

    0
     
    Sorry if the title lends itself to the bitter side of me. Let me explain.

    We have 5 servers at The Planet hosting all running Linux. Never had a problem in our lives with it. It's running CPanel, and couldn't be happier with it. We had a few customers ask us if we were getting a Windows server, so we decided to go for it. Now keep in mind, I worked at a national ISP for years as the head System Administrator, and run Windows 2000 / 2003, and only had 1 hacking experience in 3 years. (I am not tooting my horn, as you are about to see, I seem to be a total idiot.)

    So here is a detailed experience of our Windows server life.

    The Planet sends us the "You're the proud new parent of a new Windows Server, here's your keys" message. We get in, make sure Windows is updated, and sure enough, everything looks good. Well we tinker around with adding a few accounts on the server, and tell 1 of our customers to start playing around with it. 3 days later, we no longer can login to the Plesk server. Come to find out that the server was hacked. By what? We still have no idea. From what I can find, it has something to do with Tomcat, and permissions. But basically a nice rootkit was installed, password dump program, and tons of other fun stuff...

    Had The Planet reload the OS. Same welcome message, here's your new server. I get in, updated Windows, updated Plesk, installed a Virus Scanner, updated it. Updated NOTEPAD... Hell, I updated everything. So I am good right? WRONG... Less than 2 days after everything is updated, the server is hacked again by the same thing. What the heck...

    Reload the OS again... Do everything that I can to protect that stupid server, I updated everything again, then I did the ip administrator thing where I try and protect my administration section from stray people hitting it... Long story short... HACKED...

    This is what The Planet keeps saying:

    Well this is POST getting hacked, so this solves nothing. What I want to know is, have you all heard of what the heck is causing this, and what in the world can I do to STOP this, (short of installing linux and saying SCREW windows?)
     
  2. Skeeter

    Skeeter Guest

    0
     
    Hello, Sir

    Wow, this has been a bad experience.

    First of all, please, tell what is the Plesk version you used.

    If that is Plesk 7.5, we would recommend you to install Plesk 7.6, which has some major improvements in File Security.

    So, the hacker could possibly pick an FTP password and upload some scripts that could access some system files.

    The other possible danger can possibly be security holes in the services you used:

    PHP, Perl, MySQL, MS SQL (MSDE), or other ones.

    So, it is recommended to disable remote access to MSSQL and MySQL.

    As for Perl and other services, you shouldn't enable them unless they are required.

    You can also perform an upgrade of your PHP to increase its security. You can find a HOWTO on upgrading PHP here:

    http://faq.swsoft.com/article_149_1048_en.html

    It is also strongly recommended to use a firewall and close all the ports that are not used by external users.

    However, this is not a complete list of advice.
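
The checks suggested in the post above (no remote access to MSSQL or MySQL, and no open ports beyond those external users need) can be verified from `netstat -an` output. This is an added example, not part of the thread; the port numbers are the services' usual defaults, the public allowlist is a hypothetical policy, and the sample output is constructed.

```python
import re

# Default ports of the database services named in the post (assumed defaults).
DB_PORTS = {1433: "MS SQL/MSDE", 3306: "MySQL"}
# Hypothetical allowlist: ports this host is meant to offer to external users.
PUBLIC_PORTS = {21, 80, 443}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  UDP    0.0.0.0:1434           *:*
"""

# Proto, local address, local port, foreign address, optional state (UDP has none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def audit(netstat_text):
    """Return (proto, port, reason) for every socket reachable from off-host
    that is a database port or is missing from the public allowlist."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if proto == "TCP" and state != "LISTENING":
            continue  # only listeners matter, not established sessions
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback: not reachable remotely
        if port in DB_PORTS:
            findings.append((proto, port, "remote database access: " + DB_PORTS[port]))
        elif port not in PUBLIC_PORTS:
            findings.append((proto, port, "not on the public allowlist"))
    return findings

if __name__ == "__main__":
    for proto, port, reason in audit(SAMPLE):
        print(f"{proto}/{port}: {reason}")
```

Anything the audit reports is a candidate for rebinding to loopback, disabling, or blocking at the firewall.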
     
  3. jetnet

    jetnet Guest

    0
     
    Thank you for the reply Skeeter...

    Yes this is Plesk 7.5. I have no way of updating it, as this comes preinstalled on the server by The Planet. I can see about submitting a request for them to update it, but I doubt they will do it.

    Is there any way we can buy our own upgrade to 7.6? Even though we have their 7.5? Or is it a free upgrade? (please say yes)

    As per your FTP theory, the last two times the server was hacked, we never added an account on the server. It just got hacked sitting there.

    As for the other things that you mentioned, I don't understand how they get owned so easily when we have the exact same services running on Linux boxes all day long and never have any problems. Just curious.

    I will do these PHP updates. And for that matter, I will look into all of the things you have mentioned here. Thanks for your help
     
  4. Traged1

    Traged1 Guest

    0
     
    There was a security patch issued for PLESK 7.5; please look in the downloads section under Windows for details and demand THE PLANET apply the patch.
     
  5. Skeeter

    Skeeter Guest

    0
     
    I do apologise for the delay.

    The recent licenses SWsoft issues let you use both Plesk 7.5 and Plesk 7.6. I'm not sure which licenses are used by The Planet.

    In any case, you can upgrade to Plesk 7.5.6+, which has security improvements too.

    It is available for download here:

    http://www.swsoft.com/en/download/plesk76win/

    As for upgrading to 7.6, you should contact your Reseller to resolve this.
     