Can anyone shed some light on why my Plesk servers are constantly compromised? We have identical servers on the same network with the same basic configuration without Plesk that are never touched.

They keep getting these damn remote access hacks installed. We've got anti-virus and the firewall enabled and the hacks actually modify the firewall to give themselves internet access.

We can't figure out what it is that's allowing these things in but we can only assume it's something to do with Plesk since it's only our plesk boxes that have these problems. It's happening with Plesk 7 and 7.5.

 

Only things I can think of off the top of my head is that the hacker has some piece of information specific to those servers...server name, IP address, NIC hardware address, etc. just to mention a few possibilities.

How did you discover they were hacked?