1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk and security - pain in the ***

Discussion in 'Plesk for Linux - 8.x and Older' started by ctek, Aug 25, 2006.

  1. ctek

    ctek Guest

    we have taken over a plesk 8.0 machine from a customer. its seems to be a pain in the *** concidering security. since we have taken over the machine, we had several script kiddies, pishers etc. on the machine.

    the latest attack was some script in /var/temp folder (udp flooding script) called andos.txt together with some tar file iceBNZ.tgz.

    the script seems to be executed by some php or perl script. we have removed the script and look for any security whole now in plesk modules.

    the OS is a debian linux stable version with no external module support kernal.

    any hints or tipps

    1) to improve security in plesk (perl/php/apache)
    2) how the script and tar file got to the /var/temp folder ?

  2. panaman

    panaman Guest

    there are a few things you can do.
    Hopefully your /tmp directory s a seperate filesystem

    If it is you can make itso that it is noexec which makes it so you can't execute scripts out of it.

    another thing that will help you tremedously is installing mod_security and mod_evasive

    they are super easy to install.
    and would prevent that **** from happening.

    a couple other things i recommend is..
    remove the plesk firewall module
    and use apf firewall
    also yous BFD (brute force detection)

    these are a few things I recommend everyone to do on a machine fo security