• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Plesk and security - pain in the ***

C

ctek

Guest
we have taken over a plesk 8.0 machine from a customer. its seems to be a pain in the *** concidering security. since we have taken over the machine, we had several script kiddies, pishers etc. on the machine.

the latest attack was some script in /var/temp folder (udp flooding script) called andos.txt together with some tar file iceBNZ.tgz.

the script seems to be executed by some php or perl script. we have removed the script and look for any security whole now in plesk modules.

the OS is a debian linux stable version with no external module support kernal.

any hints or tipps

1) to improve security in plesk (perl/php/apache)
2) how the script and tar file got to the /var/temp folder ?

thankx
 
there are a few things you can do.
Hopefully your /tmp directory s a seperate filesystem

If it is you can make itso that it is noexec which makes it so you can't execute scripts out of it.

another thing that will help you tremedously is installing mod_security and mod_evasive

they are super easy to install.
and would prevent that **** from happening.

a couple other things i recommend is..
remove the plesk firewall module
and use apf firewall
also yous BFD (brute force detection)

these are a few things I recommend everyone to do on a machine fo security
 
Back
Top