
Security problem with filemng

Finally an email (PARALLELS PLESK PANEL – SECURITY ADVISORY), but it points to an internal KB-article (at the moment):
http://kb.parallels.com/114377:
"You can't see internal articles"

awesome

Same problem! link broken!

Please, Parallels team, can you make an effort to review mail before sending it?
I already updated all my servers yesterday (MU15 for Plesk 8.6 and MU39 for Plesk 10.4.4), can you confirm the latest correct MU?

Thanks
 
Have the same issue, kb articles which were there this weekend, (auto) magically disappeared somehow,
VERY frustrating, do not understand why the kb article about updating phpmyadmin is not there
anymore for example.
 
Fix your link

Parallels - this is a Security concern, fix your damn link to the http://kb.parallels.com/114377 Microupdate installation instructions so that we can take the required course of action! That page currently says "You can't see internal articles".
 
Ok, link works fine now... but can Parallels confirm which version of MU is the last one for each version???
Does this article describe the same MU as yesterday's??
 
Does anyone know if the 2 latest patches, http://kb.parallels.com/114377 and http://kb.parallels.com/en/114379, will be available for 8.1 users?

One of them seems to only be for 8.2 or higher but the other one says 8.x, however I'm not getting anything via the updater interface.

I'm hesitant to upgrade the server version too far, as it's a live server and extended down time isn't a possibility. And given the "iffy" success stories of people's upgrades, I am more hesitant.
 
For all of you who missed it, this was in the KB article released 15 July.
Caution, perhaps they took it out for a reason, I'm not responsible for breaking servers when you apply these commands.
IgorG: Guys, note, that these commands for phpMyAdmin can be used ONLY for Plesk 8 and 9! Do not run it on Plesk 10.x and 11.x! For Atmail it is acceptable only for 9.0-10.3.1.

Upgrade PHPMyAdmin:
DUMP_D=`cat /etc/psa/psa.conf | grep DUMP_D| head -1 | awk {'print $2'}`
mkdir $DUMP_D/Old_phpMyAdmin
PRODUCT_ROOT_D=`cat /etc/psa/psa.conf | grep PRODUCT_ROOT_D | head -1 | awk {'print $2'}`
cp -r $PRODUCT_ROOT_D/admin/htdocs/domains/databases/phpMyAdmin $PRODUCT_ROOT_D/admin/htdocs/domains/databases/db_edit.php3 $PRODUCT_ROOT_D/admin/htdocs/server/db_server_databases.php $PRODUCT_ROOT_D/admin/htdocs/server/db_servers.php $DUMP_D/Old_phpMyAdmin/
PHPMYADMINDB=`mysql -uadmin -p\`cat /etc/psa/.psa.shadow \` -e 'show databases like "phpmyadmin%"' | tail -1`
mysqldump -uadmin -p`cat /etc/psa/.psa.shadow ` $PHPMYADMINDB > $DUMP_D/Old_phpMyAdmin/phpmyadmin_db.dump
cd /usr/local/psa/var/
wget http://kb.parallels.com/Attachments/20962/Attachments/phpmyadmin_3_4_10.tar.gz
wget http://kb.parallels.com/Attachments/20962/Attachments/pma_install.sh
chmod +x pma_install.sh
./pma_install.sh


Atmail:
HTTPD_VHOSTS_D=`cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D| awk {'print $2'}`
DUMP_D=`cat /etc/psa/psa.conf | grep DUMP_D| head -1 | awk {'print $2'}`
HTTPD_INCLUDE_D=`cat /etc/psa/psa.conf | grep HTTPD_INCLUDE_D| awk {'print $2'}`
cp -r $HTTPD_VHOSTS_D/../atmail $DUMP_D
cp $HTTPD_INCLUDE_D/zzz_atmail_vhost.conf $DUMP_D
cp -r /etc/psa/webmail $DUMP_D || cp -r /etc/psa-webmail $DUMP_D
mysqldump -uadmin -p`cat /etc/psa/.psa.shadow` atmail > $DUMP_D/atmail/atmail.db
cd /usr/local/psa/var
wget http://kb.parallels.com/Attachments/20959/Attachments/atmail_105.tar.gz
wget http://kb.parallels.com/Attachments/20959/Attachments/atmail_install.sh
chmod +x atmail_install.sh
./atmail_install.sh
 
Guys, note, that these commands for phpMyAdmin can be used ONLY for Plesk 8 and 9! Do not run it on Plesk 10.x and 11.x! For Atmail it is acceptable only for 9.0-10.3.1.
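
A pre-flight check for the version limits in the moderator's note above, added here as an example; it is not part of the KB article or of any post in this thread. The function names are hypothetical, the version file path is an assumption (the one-line `version` file under PRODUCT_ROOT_D), and "9.0-10.3.1" is read as an inclusive range.

```shell
#!/bin/sh
# Added example: refuse to run the KB commands outside the version ranges
# stated in the thread (phpMyAdmin: Plesk 8 and 9; Atmail: 9.0-10.3.1).

# Turn "major.minor[.patch] <anything>" into one integer, e.g. 10.3.1 -> 100301.
ver_num() {
    IFS=. read -r maj min pat _rest <<EOF
${1%% *}
EOF
    min=${min:-0}; pat=${pat:-0}
    # Reject empty or non-numeric fields instead of guessing.
    case "${maj:-x}$min$pat" in *[!0-9]*) return 1 ;; esac
    echo $(( maj * 10000 + min * 100 + pat ))
}

# in_range VERSION LOW HIGH (inclusive); status 2 means "could not parse".
in_range() {
    v=$(ver_num "$1") && lo=$(ver_num "$2") && hi=$(ver_num "$3") || return 2
    [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]
}

pma_allowed()    { in_range "$1" 8.0.0 9.99.99; }   # Plesk 8 and 9 only
atmail_allowed() { in_range "$1" 9.0.0 10.3.1; }    # 9.0 up to 10.3.1

# Print a verdict for one version string.
report() {
    for proc in pma atmail; do
        if "${proc}_allowed" "$1"; then
            echo "$proc: version in range, commands apply"
        else
            echo "$proc: DO NOT RUN on '$1'"
        fi
    done
}

# Assumed location of the installed version string; override with VERSION_FILE.
VERSION_FILE=${VERSION_FILE:-/usr/local/psa/version}
if [ -r "$VERSION_FILE" ]; then
    report "$(cat "$VERSION_FILE")"
else
    # Constructed sample strings, used when no Plesk install is present.
    report "9.5.4 CentOS 5 constructed-build"
    report "10.4.4 CentOS 5 constructed-build"
fi
```

An unparsable version string is treated as out of range, so the check fails closed.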
 
Guys, note, that these commands for phpMyAdmin can be used ONLY for Plesk 8 and 9! Do not run it on Plesk 10.x and 11.x! For Atmail it is acceptable only for 9.0-10.3.1.

Is it really necessary to update phpMyAdmin? Is it part of the recent Plesk security problem, or does the MU solve this problem?
 
This update includes all security patches for phpMyAdmin. Therefore it will be useful for preventing possible hacker attacks in any case.
 
@ IgorG

Any response to my previous question?

Does anyone know if the 2 latest patches, http://kb.parallels.com/114377 and http://kb.parallels.com/en/114379, will be available for 8.1 users?

One of them seems to only be for 8.2 or higher but the other one says 8.x, however I'm not getting anything via the updater interface.

I'm hesitant to upgrade the server version too far, as it's a live server and extended down time isn't a possibility. And given the "iffy" success stories of people's upgrades, I am more hesitant.
 
Yes, you are correct. Old Plesk versions like 8.1 do not have the MicroUpdates mechanism.
 
Hi, just for the record. Our plesk admin panel is firewalled, our system was said to be "Successfully Patched" and yet even after cleaning out the infected files, they somehow returned.

Please explain?
 