• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue Plesk default test Pages vulnerable (miva/test.html) ??

daanse

Regular Pleskian
Hi,

i was always wondering, if this default test Pages where vulnerable:

Code:
# ls -l
total 36
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 apacheasp
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 cgi
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 coldfusion
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 fcgi
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 miva
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 perl
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 php
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 python
drwxr-xr-x 2 hostinguser psacln 4096 Jan 18 20:47 ssi

because if i look on the (old?) miva Folder:

Code:
# ls -l
total 132
-rw-r--r-- 1 hostinguser psacln   1962 Jun 22  2017 test.html
-rw-r--r-- 1 hostinguser psacln   6326 Jun 22  2017 test.mvc
-rw-r--r-- 1 hostinguser psacln 121236 Jan 18 20:47 xmlrpc-default_heading.php

and found firstly (see Date) recently modified File named: xmlrpc-default_heading.php which seems to be infected.

Bildschirmfoto 2019-01-20 um 00.53.57.jpg

How is this possible?
it turned out that the Customer is being hacked anyways (not clear how exactly, but this seems a good entry point though)...

Any Ideas?
This Server was upgraded before .... We where using Plesk Onyx for a long time now. Before it was some older Server with some "miva" folder?!
 
Well you have to go to the customer website and identify....

So this is not the miva test page fault?
And my Question generally about those Test Pages, are they safe to leave them alone by default?
Or should we use "own default Templates" ?
 
I do not belive that that miva or test pages is the fault. It is up to you if you like to provide test pages or not. I for example cleand it up and removed unneccessary test pages and on a newer Onyx installation the structure looks like

drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 fcgi
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 perl
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 php
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 python
drwxr-xr-x 2 xyz psacln 4096 Jun 29 2018 ssi
 
Last edited:
Back
Top