
Resolved No access to Plesk, ssh and sftp

RaHa

Basic Pleskian
Big mistake – I changed to a cable provider with a dynamic IP address and forgot to change the IP Access Restriction Management - now I have no access to Plesk, ssh and sftp. I have access to Power Panel, and via a PHP file and mysql commands I changed the psa DB, but access is still blocked. What more can/must I do?

PHP-file:
$ShellCmd="mysql -uadmin -p`cat psa.shadow` psa -e \"DELETE from psa.cp_access\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

$ShellCmd="mysql -uadmin -p`cat psa.shadow` psa -e \"UPDATE psa.misc set val='allow' where param='access_policy'\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

$ShellCmd="mysql -uadmin -p`cat psa.shadow` -e \"SELECT * from psa.cp_access\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);
$ShellCmd="mysql -uadmin -p`cat psa.shadow` -e \"SELECT * from psa.misc\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

content mylog:
param val
access_policy allow
...

Thanks!
 
SSH is also blocked, so I cannot send plesk admin --add-allowed-ip xxx.xxx.x.x

PHP is not possible, why sh: plesk: command not found
$ShellCmd="plesk admin --add-allowed-ip xxx.xxx.x.x 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

psa.cp_access is empty
access_policy in psa.misc is allow

psa is restarted, it should work, but I get no access.
My current remote ip address is blocked. How is the ip address blocked, where can I modify this (access via Power Panel)?
 
The problem is that tcp, ssh and so on are blocked in iptables.
I can modify /usr/local/psa/var/modules/firewall/firewall-active.sh, but how to start "/etc/init.d/psa-firewall restart" in PowerShell?

Thanks!
 
Only modifying the iptables helps.

I do it via PHP because I have no other access (ports 12443, 11443, 11444, 8443, 8447, 8080, 21, 22, 110, 995, 106, 3306 were only allowed for the old IP address)

Log on to Power Panel - FileManager

Go to /var/www/vhost/domain/ where you have access via PHP
Create a file doscript.php, content:
<?php
$errstr=exec ("sudo /var/www/vhost/domain/doroot.sh");
echo $errstr."<br>";
?>

Go to /etc and download sudoers
Put at the end of the file: ALL ALL=NOPASSWD: /var/www/vhost/domain/doroot.sh
upload sudoers
(/var/www/vhost/domain/doroot.sh works now as user root, started from PHP/Apache with other user)

Go to /var/www/vhost/domain/ and create a script doroot.sh with content: /sbin/iptables -L --line-numbers 2>&1 > mylog &
Go to the browser and load url: http://domain/doscript.php
Have a look at url: http://domain/mylog and find the line where you must input the new-ip-address

Modify file doroot.sh for example:
#
/sbin/iptables -I INPUT 33 -p tcp --dport 8443 -s new-ip-address -j ACCEPT
#/sbin/iptables -L --line-numbers 2>&1 > mylog &

Reload in browser - url: http://domain/doscript.php

Modify file doroot.sh to:
#
#/sbin/iptables -I INPUT 33 -p tcp --dport 8443 -s new-ip-address -j ACCEPT
/sbin/iptables -L --line-numbers 2>&1 > mylog &

Reload in browser - url: http://domain/doscript.php
Reload in browser - http://domain/mylog and check that the input is done

Modify file doroot.sh to:
#
#/sbin/iptables -I INPUT 33 -p tcp --dport 8443 -s new-ip-address -j ACCEPT
#/sbin/iptables -L --line-numbers 2>&1 > mylog &
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "DELETE from psa.cp_access;"
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "UPDATE psa.misc set val='allow' where param='access_policy'"
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -e "SELECT * from psa.cp_access" 2>&1 > mylog &
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -e "SELECT * from psa.misc" 2>&1 >> mylog &

Reload in browser - url: http://domain/doscript.php
Reload in browser - http://domain/mylog and check that psa.cp_access is empty and that param 'access_policy' val is set to 'allow'

Start in browser https://domain:8443 and modify the firewall
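
The sudoers line used in the steps above (ALL ALL=NOPASSWD: ...) lets every local account run a script stored in the web root as root without a password, and it stays in place after access is restored. An added example, not part of the original post, that audits sudoers files for rules of that shape so they can be removed afterwards. The web-root patterns, function names and sample rules are assumptions constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the thread): flag NOPASSWD sudoers rules whose
# command is a file under a web-served directory.
# is_web_served PATH: true if PATH is under a directory assumed to be served
# by the web server. These patterns are assumptions; extend them per host.
is_web_served() {
    case $1 in
        /var/www/*|/srv/www/*|/home/*/public_html/*) return 0 ;;
    esac
    return 1
}

# risky_sudoers_rules FILE...: print "file:line: rule" for each matching rule.
risky_sudoers_rules() {
    for file in "$@"; do
        [ -r "$file" ] || continue
        lineno=0
        while IFS= read -r line || [ -n "$line" ]; do
            lineno=$((lineno + 1))
            rule=${line%%#*}                 # ignore comments
            case $rule in *NOPASSWD:*) ;; *) continue ;; esac
            cmds=${rule#*NOPASSWD:}          # comma-separated command list
            hit=0
            old_ifs=$IFS; IFS=,; set -f      # split on commas, no globbing
            for cmd in $cmds; do
                cmd=${cmd#"${cmd%%[![:space:]]*}"}   # trim leading blanks
                cmd=${cmd%%[[:space:]]*}             # drop arguments
                if is_web_served "$cmd"; then hit=1; fi
            done
            set +f; IFS=$old_ifs
            if [ "$hit" -eq 1 ]; then printf '%s:%s: %s\n' "$file" "$lineno" "$rule"; fi
        done < "$file"
    done
}

# demo: run the audit over a constructed sudoers sample.
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
root ALL=(ALL) ALL
# deploy ALL=NOPASSWD: /var/www/old/run.sh
backup ALL=(root) NOPASSWD: /usr/bin/rsync, /usr/local/bin/snapshot.sh
ALL ALL=NOPASSWD: /var/www/vhost/domain/doroot.sh
EOF
    risky_sudoers_rules "$sample"
    rm -f "$sample"
}

if [ "$#" -gt 0 ]; then risky_sudoers_rules "$@"; else demo; fi
```

Run it as root with /etc/sudoers and the files in /etc/sudoers.d as arguments, since those files are not readable by other users.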
 