
PHP script injections, can Plesk help me find the culprit

LoïcM

Basic Pleskian
Hi all, my server is compromised as every day I can see malicious PHP scripts created and buried in some websites. I'm able to find these from the access log, looking for POST requests on unusual PHP locations (example: POST /assets/images/actus/start.php HTTP/1.0). So I've created a fail2ban filter to ban IPs accessing these URLs, but this doesn't stop the root cause of infection.
Can Plesk help me understand how those scripts are created?
Thank you
 
Can Plesk help me understand how those scripts are created?
Frankly, it is an out-of-scope task even for the Plesk Support Team.
Regarding the forum - how do you imagine doing a security audit of your server in the scope of a forum discussion? Direct root SSH access on your server and serious investigation are required. It is really a system administrator's task.
I can suggest you carefully read this documentation, for example - http://docs.plesk.com/en-US/12.5/advanced-administration-guide-linux/enhancing-security.68755/ or https://kb.plesk.com/en/114620
I hope it will help. Or maybe someone from the community will help you with a security audit of your server.
 
Thank you Igor, I've been parsing many log files for days without finding the hole, so I was just wondering if Plesk had some tools that can point me to some security flaws... I will check your links, thanks.
 
This has nothing to do with Plesk, but I've just found OSSEC and it's a great tool to know what is happening on a server by checking for rootkits, monitoring logs, verifying checksums of important files, etc.
OSSEC can be found on GitHub: http://ossec.github.io/
 
Hi all, my server is compromised as every day I can see malicious PHP scripts created and buried in some websites. I'm able to find these from the access log, looking for POST requests on unusual PHP locations (example: POST /assets/images/actus/start.php HTTP/1.0). So I've created a fail2ban filter to ban IPs accessing these URLs, but this doesn't stop the root cause of infection.
Can Plesk help me understand how those scripts are created?
Thank you

If you rules all security until from your server with panel plesk,
you can use the htaccess:
I have assembled it all, if you want: http://alexonbalangue.me/offline/référencement-sécuriser-votre-site.html. You need to edit the files to adapt them for your website.

Hacker passed:
  • SSH, XSS, injecting SQL, etc...
Next steps:
  1. Fix security
  2. Re-build your website
  3. Update your website
  4. etc...
 