
Issue Plesk default test Pages vulnerable (miva/test.html) ??

daanse

Regular Pleskian
Hi,

I was always wondering if these default test pages were vulnerable:

Code:
# ls -l
total 36
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 apacheasp
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 cgi
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 coldfusion
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 fcgi
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 miva
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 perl
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 php
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 python
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 ssi

Because if I look in the (old?) miva folder:

Code:
# ls -l
total 132
-rw-r--r-- 1 hostinguser psacln   1962 Jun 22  2017 test.html
-rw-r--r-- 1 hostinguser psacln   6326 Jun 22  2017 test.mvc
-rw-r--r-- 1 hostinguser psacln 121236 Jan 18 20:47 xmlrpc-default_heading.php

I first found a recently modified (see date) file named xmlrpc-default_heading.php, which seems to be infected.

[Attachment: Bildschirmfoto 2019-01-20 um 00.53.57.jpg]

How is this possible?
It turned out that the customer is being hacked anyway (not clear how exactly, but this seems a good entry point though)...

Any ideas?
This server was upgraded before... We have been using Plesk Onyx for a long time now. Before, it was some older server with some "miva" folder?!
 
Well, you have to go to the customer website and identify....

So this is not the miva test page's fault?
And my question generally about those test pages: are they safe to leave alone by default?
Or should we use "own default templates"?
 
I do not believe that miva or the test pages are at fault. It is up to you whether you like to provide test pages or not. I, for example, cleaned it up and removed unnecessary test pages, and on a newer Onyx installation the structure looks like

drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 fcgi
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 perl
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 php
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 python
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 ssi
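
Added example, not part of any post in this thread: a shell check built on the two signals visible in the first listing, a `.php` file sitting in a test directory other than `php`, and a file much newer than the files beside it. The function name `audit_test_pages`, the 30-day default and the output format are assumptions made for illustration; the test-pages directory is passed as an argument, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat (Linux).
# Prints "<reasons><TAB><path>" for each file in ROOT/*/ that is either
#   - a *.php file outside the "php" subdirectory, or
#   - more than MAX_GAP_DAYS newer than the oldest file beside it.
audit_test_pages() (
    root=$1
    max_gap_days=${2:-30}   # assumed default threshold
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        # Baseline: oldest mtime among regular files (dotfiles included).
        oldest=""
        for f in "$dir"* "$dir".[!.]*; do
            [ -f "$f" ] || continue
            mtime=$(stat -c %Y "$f")
            if [ -z "$oldest" ] || [ "$mtime" -lt "$oldest" ]; then
                oldest=$mtime
            fi
        done
        [ -n "$oldest" ] || continue
        for f in "$dir"* "$dir".[!.]*; do
            [ -f "$f" ] || continue
            reason=""
            case "$f" in
                *.php)
                    if [ "$(basename "$dir")" != "php" ]; then
                        reason="php-outside-php-dir"
                    fi ;;
            esac
            mtime=$(stat -c %Y "$f")
            gap=$(( (mtime - oldest) / 86400 ))
            if [ "$gap" -gt "$max_gap_days" ]; then
                reason="${reason:+$reason,}newer-by-${gap}d"
            fi
            if [ -n "$reason" ]; then
                printf '%s\t%s\n' "$reason" "$f"
            fi
        done
    done
)

# Stand-alone use: sh audit.sh /path/to/test-pages-dir [max_gap_days]
if [ "$#" -gt 0 ]; then
    audit_test_pages "$@"
fi
```

Modification times can be reset by whoever wrote the file, so an empty result does not show the directory is clean; it only narrows where to look first.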
 