• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

PHP script injections, can Plesk help me find the culprit

LoïcM

Basic Pleskian
Hi all, my server is compromised as every day I can see malicous PHP scripts created and burried in some websites. I'm able to find these from the access log, looking for POST requests on unusual PHP locations (example : POST /assets/images/actus/start.php HTTP/1.0). So I've created a fail2ban filter to ban IP accessing these URLs but this doesnt stop the root cause of infection.
Can Plesk help me understand how those scripts are created ?
Thank you
 
Can Plesk help me understand how those scripts are created ?
Frankly, it is out of scope task even for Plesk Support Team.
Regarding forum - how you imagine doing a security audit of your server in the scope of forum discussion? Direct root ssh access on your server and serious investigation are required. It is really system administrator's task.
I can suggest you read carefully this documentation, for example - http://docs.plesk.com/en-US/12.5/advanced-administration-guide-linux/enhancing-security.68755/ or https://kb.plesk.com/en/114620
I hope it will help. Or maybe someone from community will help you with security audit of your server.
 
Thank you Igor, I'm parsing many log files since days without finding the hole, so I was just wondering if Plesk had some tools that can point me to some security flaws... I will check your links thanks.
 
This has nothing to do with Plesk but I've just found OSSEC and it's a great tool to know what is happening on a server by checking rootkits, monitoring logs, verify checksum of important files etc..
OSSEC can be find on github : http://ossec.github.io/
 
Hi all, my server is compromised as every day I can see malicous PHP scripts created and burried in some websites. I'm able to find these from the access log, looking for POST requests on unusual PHP locations (example : POST /assets/images/actus/start.php HTTP/1.0). So I've created a fail2ban filter to ban IP accessing these URLs but this doesnt stop the root cause of infection.
Can Plesk help me understand how those scripts are created ?
Thank you

If you rules all security until from your server with panel plesk,
you can use the htaccess:
i assemble all if you want? http://alexonbalangue.me/offline/référencement-sécuriser-votre-site.html, you need to edited the files for adapte for your website.

hacker passed :
  • SSH, XSS, injecting SQL, etc...
next step:
  1. Fix security
  2. Re-build your website
  3. update your website
  4. etc...
 
Back
Top