• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Plesk default test Pages vulnerable (miva/test.html) ??

D

daanse

Regular Pleskian
Hi,

i was always wondering, if this default test Pages where vulnerable:

Code: 
# ls -l
total 36
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 apacheasp
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 cgi
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 coldfusion
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 fcgi
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 miva
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 perl
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 php
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 python
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 ssi

because if i look on the (old?) miva Folder:

Code: 
# ls -l
total 132
-rw-r--r-- 1 hostinguser psacln   1962 Jun 22  2017 test.html
-rw-r--r-- 1 hostinguser psacln   6326 Jun 22  2017 test.mvc
-rw-r--r-- 1 hostinguser psacln 121236 Jan 18 20:47 xmlrpc-default_heading.php

and found firstly (see Date) recently modified File named: xmlrpc-default_heading.php which seems to be infected.

Bildschirmfoto 2019-01-20 um 00.53.57.jpg

How is this possible?
it turned out that the Customer is being hacked anyways (not clear how exactly, but this seems a good entry point though)...

Any Ideas?
This Server was upgraded before .... We where using Plesk Onyx for a long time now. Before it was some older Server with some "miva" folder?!
 
Brujo said:
Well you have to go to the customer website and identify....
Click to expand...

So this is not the miva test page fault?
And my Question generally about those Test Pages, are they safe to leave them alone by default?
Or should we use "own default Templates" ?
 
I do not belive that that miva or test pages is the fault. It is up to you if you like to provide test pages or not. I for example cleand it up and removed unneccessary test pages and on a newer Onyx installation the structure looks like

drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 fcgi
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 perl
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 php
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 python
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 ssi
Click to expand...
 
Last edited:
You must log in or register to reply here.

Similar threads

Oscar Segura
Issue Upgrading from Ubuntu 20.04 to 22.04: failed reboot
Replies
0
Views
2K
Oscar Segura
Oscar Segura
P
Forwarded to devs New FTP user overwrites system user
Replies
1
Views
845
IgorG
IgorG
Fabian H
Resolved Log rotation error
Replies
2
Views
2K
Fabian H
Fabian H
A
Resolved Can't remove php handler from list - the PHP handler "plesk-php56-fastcgi" is not found
Replies
7
Views
3K
tfrank7
T
W
Issue Nextcloud (Extension) Upgrade Error
Replies
6
Views
5K
dwuest
D
Back
Top