
Plesk MS SQL Insecure

MattWHT (Guest)
Is the MS SQL version installed by Plesk insecure? I woke up this morning to find the machine pushing over 7 Mbit per second, and it seems from the logs that a trojan was uploaded via xp_cmdshell.
 
Yes, it requires patching up. It is the old vulnerability that the Slammer worm used. You should patch MSDE to SP3 and apply a hotfix. If you are going to reinstall your box, then I would advise that you install the SP3 version of SQL Server first and then install Plesk. I had less hassle that way. BTW, make sure you install it in mixed mode.

AdamF
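
As an added example (not posted by anyone in this thread), a T-SQL audit that verifies the three points in the reply above: the patch level, the authentication mode, and whether xp_cmdshell is still reachable. It assumes a SQL Server 2000-era engine such as the MSDE that Plesk shipped; the catalog tables and version numbers are from that release.

```sql
-- Added audit query, not from the thread: checks the points raised above on the
-- Plesk-installed MSDE / SQL Server instance. Run it as a sysadmin (e.g. with osql -E).
-- Assumption: a SQL Server 2000-era engine, where the master..sysprotects catalog applies.
SELECT
    SERVERPROPERTY('ProductVersion')           AS product_version,   -- 8.00.760 = SQL Server 2000 / MSDE SP3
    SERVERPROPERTY('ProductLevel')             AS product_level,     -- expect 'SP3' (or later) after patching
    SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only, -- 0 = mixed mode, 1 = Windows auth only
    CASE WHEN OBJECT_ID('master..xp_cmdshell') IS NULL
         THEN 'absent' ELSE 'present' END      AS xp_cmdshell;

-- Who, besides sysadmin members (who always can), has been granted EXECUTE on xp_cmdshell?
-- sysprotects: action 224 = EXECUTE; protecttype 204/205 = GRANT, 206 = DENY.
SELECT u.name AS grantee, p.protecttype
FROM   master..sysprotects p
JOIN   master..sysusers    u ON u.uid = p.uid
WHERE  p.id = OBJECT_ID('master..xp_cmdshell')
AND    p.action = 224;

-- Remediation if the procedure is not needed by any application:
--   SQL Server 2000 / MSDE:  EXEC master..sp_dropextendedproc 'xp_cmdshell';
--   SQL Server 2005 and later (xp_cmdshell is a system object there; use the config option):
--     EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
--     EXEC sp_configure 'xp_cmdshell', 0;          RECONFIGURE;
```

A product_version below 8.00.760 means the Slammer-era fixes are not in place regardless of what the installer claimed.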
 
Isn't that just stupid of Plesk? Why bother including insecure software?

System administration practices aside, I mean any IP is regularly scanned by bots for such vulnerabilities, so despite the fact that Plesk doesn't mention MS-SQL server anywhere (it's not even in the service list; Plesk SQL server applies to MySQL), just by installing it you open your computer to a remote vulnerability (e.g. myself with xp_cmdshell); a good bot will only need a few seconds.
 
I agree, especially if you don't even have an MSSQL licence, like us. It is in the services list under mssqlserver. As we didn't have the licence, I didn't expect to have it installed. I tell you what, I learnt about MS Baseline after this vulnerability.
 
Originally posted by AdamF:
I agree, especially if you don't even have an MSSQL licence, like us. It is in the services list under mssqlserver. As we didn't have the licence, I didn't expect to have it installed. I tell you what, I learnt about MS Baseline after this vulnerability.

I think it's MSDE (basically MS-SQL limited to 5 concurrent accesses), which can be distributed as far as I know, but it still seems like gross negligence on the part of Plesk to include an insecure version. Like I said, a clever bot only needs a few seconds. I definitely won't be purchasing Plesk now (probably time to move on...).
 