• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Plesk 8.2 appears vulnerable

let ,e explain my problem

Hi,

Let me explain my problem fully and you tell if it could be a hack,
I have had no problem till i do first OS Reload, after that server was ok for one week till the planet updated my F-Secure and after a restart Server wents down, and they said another OS Reload, again they have do an Update on MY F-Secure and and another restart nothing happend but exactly a week latter and it was second restart, server didnt respond, this time outage ticket was going so long and they bringed back my server but no RDP just installed VNC and told me use that

They told me some changes on Registry that closed RDP but i asked a security person, he told me for changes on Registry it needs someone to login with Administrator roll.... but if he login with administrator, why he closed RDP? why he didnt delete data? or changes data?

and after that i done another os reload and then ordered a cisco firewall and F-secure installed again, but some days latter i saw an email on my server... IP Allert, server was restarted i logged into server and saw...wow.... F-Secure was unistalled? i created a ticket and TP installed it again another restart server comes back, again day after that i comed back. no F-Secure but No Restart... they said this is SWSoft Problem? could it be?
Could it be hack really?

Regards,
Hamed
 
any new news? does problem solved

Hi,

Any new news about this problem? any one new who exprienced this problem?
are others problem continue?

Regards,
Hamed
 
Guys, this is so easy to fix, just find another remote control software and install it on a different port than 3389 and then disable completly the rdc remote connections on port 3389.
 
RDP is rarely the issue in my experience, it is however usually anonymous ftp. I never allow anonymous ftp on any sites anywhere.
 
make sure you change BOTH the VZPP root and PLESK admin passwords IMMEDIATELY after a INSTALL / REINSTALL since the PLESK "admin" user password remains as "setup" after re/install until you change it !
 
its windows not plesk

i got a vps a lil while ago and within 24hrs i notice it was hacked and was running torrents in it, i had it rebuilt and again it was hacked by th etime i was logged in, i had them do it again and the same thing happened instantly upon creation before i could turn on the windows firewall, the last time i asked to have the vps guys turn on the windows firewall b4 they turned the server live.
this solved the problem, windows firewall by default was not enabled , i dont know why they do this knowing its gonna get hacked.
anyways, i dont have the details on the hack details right now as its been a lil while
and it is not important the actual windows exploit they used to get root
- it was a windows hack and not plesk, they loaded a windows exploit and created an admin user, then loaded the file sharing app
-not a plesk hack
-just remember turn on windows firewall immediatly, check for extra windows admins in user console
- have them turn on firewall b4 the server is on
- it is a scripted attack and once they have the ip they will keep attacking, and it happens so fast u cant stop it unless you start with a protected server
- do not open any ports you dont need- ie sql, or they will be attacked, used a defined ip to allow connects if you must open a port
 
Hi just to ilustrate i ordered a server from the Planet and it came with a trojan installed.

the planet setup the server 8:00 am and 9:am i came to install the programs. the Kapersky antivirus was enabled by default and the NOD32 was no installed even the setup files was copied from the planet to the server. i install NOD32 reboot the machine disable Kapersky antivirus and do a full search i found a trojan in the System32 folder.

i have a screenshot of this.. so take care with server that is setup in less one hour.

Thanks
 
it only takes 1 sec

Modchips said:
Hi just to ilustrate i ordered a server from the Planet and it came with a trojan installed.

the planet setup the server 8:00 am and 9:am i came to install the programs. the Kapersky antivirus was enabled by default and the NOD32 was no installed even the setup files was copied from the planet to the server. i install NOD32 reboot the machine disable Kapersky antivirus and do a full search i found a trojan in the System32 folder.

i have a screenshot of this.. so take care with server that is setup in less one hour.

Thanks
Click to expand...

once they run the server scan, it takes mere seconds to attack your computer.
if you made it an hour you are doing good, i had mine exploited in mere seconds from goin only, the 2nd time it was restored, because they already knew a valid ip to attack,


you must have windows firewall on b4 you turn your server on to the net!!!
make sure to get all you updates as well
 
do we turn off port 3389 and back on using plesk admin when we need to access???
 
You must log in or register to reply here.

Similar threads

Ehud
Question Was a new file with the name 'ync' which appeared on domain's root level, placed by Plesk?
Replies
1
Views
621
Peter Debik
P
E
Issue Using an external reverse proxy (nginx) server -> Plesk Obsidian Almalinux
Replies
4
Views
888
Edric2023
E
S
Issue No database servers
Replies
8
Views
582
Stettin
S
G
Issue can't login on Plesk Onyx on Ubuntu 14 anymore
Replies
18
Views
2K
BaileyPayner
B
8
How to renew licence for Parallels Plesk Control Panel 8.6.0?
Replies
2
Views
2K
8.6 user
8
Back
Top