• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved No access to Plesk, ssh and sftp

RaHa

RaHa

Basic Pleskian
Big mistake – I changed to cable provider with dynamic IP address and forgot to change the IP Access Restriction Management - now I have no access to Plesk, ssh and stfp. I have access to Power Panel and via PHP-file and mysql commands I changed the psa DB, but access is further blocked. What can/must I do more?

PHP-file:
$ShellCmd="mysql -uadmin -p`cat psa.shadow` psa -e \"DELETE from psa.cp_access\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

$ShellCmd="mysql -uadmin -p`cat psa.shadow` psa -e \"UPDATE psa.misc set val='allow' where param='access_policy'\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

$ShellCmd="mysql -uadmin -p`cat psa.shadow` -e \"SELECT * from psa.cp_access\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);
$ShellCmd="mysql -uadmin -p`cat psa.shadow` -e \"SELECT * from psa.misc\" 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

content mylog:
param val
access_policy allow
...

Thanks!
 
SSH is also blocked to send plesk admin --add-allowed-ip xxx.xxx.x.x

PHP is not possible, why sh: plesk: command not found
$ShellCmd="plesk admin --add-allowed-ip xxx.xxx.x.x 2>&1 >> mylog &";
$ShellFlag=shell_exec($ShellCmd);

psa.cp_access is empty
access_policy in psa.misc is allow

psa is restarted, it should works, but I get no access.
My current remote ip address is blocked. How is the ip address blocked, where can I modify this (access via Power Panel)?
 
The problem is that tcp,ssh an so on is blocked in iptables.
I can modify /usr/local/psa/var/modules/firewall/firewall-active.sh, but how to start "/etc/init.d/psa-firewall restart" in PowerShell?

Thanks!
 
Only modified the iptables helps.

I do it via PHP because I have no other access (ports 12443, 11443, 11444, 8443, 8447, 8080, 21, 22, 110, 995, 106, 3306 was only allowed for old ip address)

Logon in Power Panel - FileManager

Goto /var/www/vhost/domain/ where you have access via PHP
Greate a file doscript.php, content:
<?php
$errstr=exec ("sudo /var/www/vhost/domain/doroot.sh");
echo $errstr."<br>";
?>

Goto /etc and download sudoers
Put at the end of the file: ALL ALL=NOPASSWD: /var/www/vhost/domain/doroot.sh
upload sudoers
(/var/www/vhost/domain/doroot.sh works now as user root, started from PHP/Apache with other user)

Goto /var/www/vhost/domain/ and create a script doroot.sh with content: /sbin/iptables -L --line-numbers 2>&1 > mylog &
Go in browser and load url: http://domain/doscript.php
Have a look to url: http://domain/mylog and find the line where you must input the new-ip-address

Modify file doroot.sh for example:
#
/sbin/iptables -I INPUT 33 -p tcp --dport 8443 -s new-ip-address -j ACCEPT
#/sbin/iptables -L --line-numbers 2>&1 > mylog &

Reload in browser - url: http://domain/doscript.php

Modify file doroot.sh to:
#
#/sbin/iptables -I INPUT 33 -p tcp --dport 8443 -s newipaddress -j ACCEPT
/sbin/iptables -L --line-numbers 2>&1 > mylog &

Reload in browser - url: http://domain/doscript.php
Reload in browser - http://domain/mylog and look for input is do

Modify file doroot.sh to:
#
#/sbin/iptables -I INPUT 33 -p tcp --dport 8443 -s newipaddress -j ACCEPT
#/sbin/iptables -L --line-numbers 2>&1 > mylog &
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "DELETE from psa.cp_access;"
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa -e "UPDATE psa.misc set val='allow' where param='access_policy'"
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -e "SELECT * from psa.cp_access" 2>&1 > mylog &
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -e "SELECT * from psa.misc" 2>&1 >> mylog &

Reload in browser - url: http://domain/doscript.php
Reload in browser - http://domain/mylog and look for psa.cp_access isempty and if param 'access_policy'" val is set to 'allow'

Start in browser https://domain:8443 and modify the firewall
 
Last edited:
You must log in or register to reply here.

Similar threads

Edi Duluman
Resolved Access denied for user 'admin'@'localhost' after dist-upgrade
Replies
2
Views
741
Edi Duluman
Edi Duluman
Daerik
Resolved Plesk Migrator Failing to Sync Database Records After Server Upgrade
Replies
8
Views
1K
Maarten
M
M
Question How to set up and actually use existing SSH Keys for Plesk Accounts
Replies
2
Views
413
MHC_1
M
K
Issue Plesk Migrator fails on mysql connection
Replies
4
Views
1K
KDawson
K
S
Issue MariaDB 10.5 to 10.11 upgrade failure on AlmaLinux 9.5
Replies
3
Views
2K
sder
S
Back
Top