• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Plesk 8 Unveiled

Historically, PLESK was the most secure control panel. But since PLESK 5, we have been begging sw-soft to start dealing with the security flaw or weaknesses such as php run in su_exec however, this has not improved. What good are all the features if your server is going down all the time due to run away php scripts and php expoits. Come on we all know how easy it is to bring down a plesk box with a small php script. And we also know how hard it is to trace the freaking exploit script to a an actual account or user. It seriously worries me that this has not been addresses in PESK since the other major control panels have php running under su_exec which means that cpanel ect.., has a major security advantage over PLESK.
 
I don't see anything about mod_security, php hardening, or internal spam prevention.

Why PLESK has not incorporated a real anti-spam/bulk email catching script yet is beyond my comprehension. It is so eazy to pipe email to a script which replaces the qmail sendmail binary which limits outgoing email based on a threshhold set by the admin. If the sender attempts to send more email within a certain time span, then the script sends all the emails into a database, turns off email and scripting support for the domain and sends a notification to the admin about the abuse. You know how many times you have had spammers signup and then a day or two later try to send 50,000 emails out of your nice little box. Then your server IP's get blacklisted and you have to track the spammer down manually, terminate the account and then contact all the admins from the blacklists and RBLS to get your IP's removed. During this whole time you have hundreds of customers freadking out becuase they cannot send any email.

There used to be a small script named mailmon which was written by the guys at http://webhosting-tools.com/view.cgi/MailMon which has this exact functionality. I used to use it on plesk servers without much trouble installing it.

You would think that the programmers working for PLESK would be able to easily incorporate this into PLESK, but again it just doesn't matter about fixing the propblem that we have all experienced over the past 5 years, it is more important to bring out more flashy features which are basically useless when the server is going down due to expoits and spammers filling your email queue to 80,000.

PLEASE GET BACK TO BASICS AND ADD SOME SECURITY Features beside just checking for trojans.
 
I do all that with ART (a la qmail-scanner, which scans both in and outbound mail) and with ASL for mod_security and general OS hardening.

Plus in SW-Soft's defense, our license on the mod_security rules doesnt allow redistribution.
 
You must log in or register to reply here.

Similar threads

Veronika Polyakova
Input Invite to an interview "Mail troubleshooting in Plesk"
Replies
1
Views
1K
Kaspar
K
A
Issue Mapping bitnami/mysql docker container in Plesk
Replies
4
Views
1K
anatol
A
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
dash
  • Sticky
Question Try our new tool to upgrade your old MariaDB server from Plesk UI
2 3 4
Replies
67
Views
23K
Hangover2
Hangover2
F
Question Plesk Slave DNS & DNS Security
Replies
1
Views
2K
Peter Debik
P
Back
Top