
Security Issues?

JosephB

Guest
I just discovered that with the default configuration a customer using Tomcat can write to any folder on the server. I am now concerned whether there are other security risks that I am unaware of. Is Plesk secure and safe for shared hosting, or are there other security risks that I should look out for?
 
It's Windows, I wouldn't run shared hosting on it. We use it for our company's operations, and it wasn't my choice, but we have ASP applications so we have to.
 
Tomcat is a bit of an oddball but I don't know of any widely publicized security issues with Plesk, and there certainly aren't any on this forum. If you think you have found a security issue you should probably e-mail SWSoft with this problem.
 
I have improved the security by setting up a new restricted user account for the Tomcat service to run as, so it no longer runs as administrator, and can only access files that I have specifically granted the tomcat user access to. This does not completely resolve the issue, because one customer can still access and modify any files on another customer's account which also have the tomcat user permissions.

Actually the purpose of this thread is just to ask if others are aware of any other similar vulnerability with Plesk on Windows. If you know of any then please let me know so that I can try to secure the server. I'm sure this information will also be valuable to all other Plesk for Windows customers.

Regarding the Tomcat security vulnerability I have created another thread, which can be found here:
http://forum.swsoft.com/showthread.php?s=&threadid=35293

Thanks for your input!
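
An added example, not part of the original posts and not Plesk or SWSoft code: a PowerShell audit for the situation described above, reporting which account the Tomcat service runs as and which customer folders grant that one account write access. The service name, account name and customer root path are placeholders to replace with the server's real values.

```powershell
# Added example. 'Tomcat', 'tomcat_svc' and the root path are placeholders, not values from the thread.
function Get-SharedAccountWriteAccess {
    param(
        [string]$ServiceName  = 'Tomcat',                     # placeholder service name
        [string]$Account      = 'tomcat_svc',                 # placeholder restricted account
        [string]$CustomerRoot = 'C:\path\to\customer-roots'   # placeholder: parent of per-customer folders
    )

    # 1. Which identity does the service actually run as?
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { Write-Warning "Service '$ServiceName' not found"; return }
    Write-Host "Service $ServiceName runs as: $($svc.StartName)"
    if ($svc.StartName -eq 'LocalSystem') {
        Write-Warning 'Service runs as LocalSystem; file ACLs will not confine it.'
    }

    # 2. Rights that allow changing content or permissions.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Modify, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_ALL / GENERIC_WRITE can appear raw in inherit-only ACEs.
    $genericMask = 0x10000000 -bor 0x40000000

    # 3. Check each customer folder for an Allow ACE naming the account directly.
    #    Access gained through group membership is not resolved here.
    $hits = foreach ($dir in Get-ChildItem -LiteralPath $CustomerRoot -Directory) {
        foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
            $id = $ace.IdentityReference.Value
            $isAccount = ($id -eq $Account) -or ($id -like "*\$Account")
            $rights = [int]$ace.FileSystemRights
            $canWrite = (($rights -band $writeMask) -ne 0) -or (($rights -band $genericMask) -ne 0)
            if ($isAccount -and $canWrite -and $ace.AccessControlType -eq 'Allow') {
                [pscustomobject]@{
                    Folder    = $dir.FullName
                    Identity  = $id
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }

    # More than one folder in the result means customers share a writable identity.
    $folders = @($hits | Select-Object -ExpandProperty Folder -Unique)
    if ($folders.Count -gt 1) {
        Write-Warning "$($folders.Count) customer folders are writable by '$Account'."
    }
    $hits
}
```

Run it from an elevated prompt so `Get-Acl` can read every folder's descriptor.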
 
Originally posted by JustinK101
It's Windows, I wouldn't run shared hosting on it. We use it for our company's operations, and it wasn't my choice, but we have ASP applications so we have to.

I hate opinions like this. There are thousands of web hosts running Windows-based shared hosting solutions with no problems. What are their secrets?
 