• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Server Attack

F

FPA

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian 18.0.54 Update #3
HI,
I experience server attacks recently.
This is what the phpmyadmin displays:
Screenshot 2023-08-21 at 16-33-41 Websites & Domains - Plesk Obsidian 18.0.54.png
Any help would be much appreciated!
 
Could you please describe the issue in more detail? Your screenshot shows a McAfee website in the background (or a website that looks like a McAfee site) and a dialog in front. It's a screenshot of your website that is hosted on the server. This is not linked to phpMyAdmin in any way. It is also quite strange, because unless you are McAfee it is not likely that you have their content in your website. Maybe your website was hacked to impersonate their website and trick users into downloading files?
 
I'm not a programmer to give you more technical details.
All I can say is that I get alerts as the server's CPU is running at 100% for a long period, that the website goes offline and comes back randomly.
All started by some wordpress scripts that were introduced on the server that I was able to clean up.

Your reply confort me in the fact that I'm seeing the same thing than you: the McAfee screenshot instead of my phpmyadmin preview.
Here is a larger picture:
Capture-d'écran-2023-08-21-185549.jpg
Meanwhile, my website was displaying the same image. Hopefully, I could restore it from a backup from this morning.
I'm now about to upgrade Prestashop to hopefully overwrite damaged files.

I need some assistance in securing the website. I'll be greatful if you can advise me a serious person/structure that can take the job in charge.
 
I did not actually look at your website (because I do not know your website, it is not mentioned in your posts). I only saw that the screenshot generator of Plesk captured a screenshot that is obviously not your website. I also did not understand that you must have created your own subdomain "phpmyadmin" with the intention to put your own phpMyAdmin onto it. Why not simply use the phpMyAdmin that comes with the webserver and is readily available for use in the "Databases" menu?

My guess is that your website was hacked and that a hacker shows a spoofed McAfee website instead of your real content. Replacing your website content with a fresh copy of whatever you wanted to install there should solve that.

For assistance I can strongly recommend a Plesk support subscription. https://support.plesk.com
It is included with your Plesk license if you bought your license from Plesk. If you bought your license from a reseller, a support subscription is available at a very low price: https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
 
You must log in or register to reply here.

Similar threads

brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
500
Maarten
M
Azurel
Question Show version of plesk in sign in (and html code)?
Replies
4
Views
331
Azurel
Azurel
LuigiMdg
Issue Server Hacked
2
Replies
28
Views
3K
LuigiMdg
LuigiMdg
J
Issue AH01071 Failed to open stream: Too many open files in ...
Replies
0
Views
128
JohnWest
J
K
Resolved How to avoid redirection loop in plesk nginx config?
Replies
4
Views
294
Raul A.
R
Back
Top