
Security Forum I think is needed.

lvalics

Silver Pleskian
Plesk Guru
I think it is time to open a security forum, where admins can talk about how to secure a PLESK server, how to avoid hackers, how to fix problems if they come up, etc.
 
I come with the first questions and suggestions.

After these phpBB security things, I tried to see how people get into servers, and I found things like:

They try to execute commands and install software like BNC or others on the server.
The way to do it is to use the /tmp directory, writable by anyone.
OK, because I cannot change this (even if in the new PLESK I saw a /tmp in each domain), I can try to disable installing things in /tmp.

They usually try to get programs with WGET, NCFTP or LYNX; the most commonly used is WGET.

So I expect comments on changing WGET and the other programs, LYNX and NCFTP, to be executable only by root, like chmod 700 wget, or on removing suid from wget, like chmod -s wget.

Is this a good way to try to stop them from installing programs?
Will it affect other software that uses wget?
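
An added example, not part of the original post: a small audit that shows, for each download tool named above, the widest class of user allowed to execute it and whether a setuid or setgid bit is present, so the effect of `chmod 700` or `chmod -s` can be checked before and after the change. The helper names `has_perm` and `audit_tool` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report who may execute each
# download tool and whether a setuid/setgid bit is present.
# has_perm and audit_tool are hypothetical helper names.

# has_perm FILE MODE: true when every permission bit in octal MODE is set.
# -L makes find inspect the target of a symlink, not the link itself.
has_perm() {
    [ -n "$(find -L "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_tool FILE: print "<widest class allowed to execute> <special bit>".
audit_tool() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"
        return 0
    fi
    if   has_perm "$f" 001; then who=world   # e.g. 755: any local user
    elif has_perm "$f" 010; then who=group   # e.g. 750: owner and group
    elif has_perm "$f" 100; then who=owner   # e.g. 700: owner only
    else who=nobody
    fi
    if   [ -u "$f" ]; then special=setuid
    elif [ -g "$f" ]; then special=setgid
    else special=none
    fi
    echo "$who $special"
}

# Audit the tools named in the post, wherever they sit on PATH.
for tool in wget lynx ncftp; do
    path=$(command -v "$tool" 2>/dev/null) || continue
    printf '%s: %s\n' "$path" "$(audit_tool "$path")"
done
```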