Plesk and security - pain in the ***

[ctek]

we have taken over a plesk 8.0 machine from a customer. its seems to be a pain in the *** concidering security. since we have taken over the machine, we had several script kiddies, pishers etc. on the machine.

the latest attack was some script in /var/temp folder (udp flooding script) called andos.txt together with some tar file iceBNZ.tgz.

the script seems to be executed by some php or perl script. we have removed the script and look for any security whole now in plesk modules.

the OS is a debian linux stable version with no external module support kernal.

any hints or tipps

1) to improve security in plesk (perl/php/apache)
2) how the script and tar file got to the /var/temp folder ?

thankx

 

[panaman]

there are a few things you can do.
Hopefully your /tmp directory s a seperate filesystem

If it is you can make itso that it is noexec which makes it so you can't execute scripts out of it.

another thing that will help you tremedously is installing mod_security and mod_evasive

they are super easy to install.
and would prevent that **** from happening.

a couple other things i recommend is..
remove the plesk firewall module
and use apf firewall
also yous BFD (brute force detection)

these are a few things I recommend everyone to do on a machine fo security