• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Plesk and security - pain in the ***

C

ctek

Guest
we have taken over a plesk 8.0 machine from a customer. its seems to be a pain in the *** concidering security. since we have taken over the machine, we had several script kiddies, pishers etc. on the machine.

the latest attack was some script in /var/temp folder (udp flooding script) called andos.txt together with some tar file iceBNZ.tgz.

the script seems to be executed by some php or perl script. we have removed the script and look for any security whole now in plesk modules.

the OS is a debian linux stable version with no external module support kernal.

any hints or tipps

1) to improve security in plesk (perl/php/apache)
2) how the script and tar file got to the /var/temp folder ?

thankx
 
there are a few things you can do.
Hopefully your /tmp directory s a seperate filesystem

If it is you can make itso that it is noexec which makes it so you can't execute scripts out of it.

another thing that will help you tremedously is installing mod_security and mod_evasive

they are super easy to install.
and would prevent that **** from happening.

a couple other things i recommend is..
remove the plesk firewall module
and use apf firewall
also yous BFD (brute force detection)

these are a few things I recommend everyone to do on a machine fo security
 
Back
Top