
Server hacked

Discussion in 'Plesk for Windows - 8.x and Older' started by parisioa, Feb 24, 2007.

Thread Status:
Not open for further replies.
  1. parisioa

    My Plesk server was hacked, and I now have several problems.

    My admin password was changed, apparently (I can't get in using it, and I know what it is/was).

    Whenever you try and go to any site hosted on this server, you get prompted for login credentials; Plesk Reconfigurator couldn't fix this. I tried changing the PW on the account and using that in IIS, but it didn't work, so I have all my sites inaccessible.

    Finally, the MailEnable exploit was used, and it was running an SMTP Relay server. I noticed this and disabled that service, but I can't get the first 2 problems fixed.
     
  2. mattd2173

  3. parisioa

    Thanks, that worked for the IIS login problems.

    I fixed the Plesk admin account; somebody had hacked and changed that password.

    My firewall was tracking 6000 concurrent TCP connections from this box, all dport=110.
     
  4. supra2800@

    How/where do you see that?
     
  5. parisioa

    In my transparent firewall:
    cat /proc/net/ip_conntrack | wc -l
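
    A per-host breakdown of the same connection-tracking table, as an added example that is not part of the original thread: it groups TCP entries by originating address and destination port, so a single box holding thousands of flows to one port (such as dport=110 above) stands out. It assumes the ip_conntrack line layout with the original-direction tuple listed first; the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise conntrack entries per
# originating host and destination port.

# conntrack_summary THRESHOLD [FILE]
# Reads ip_conntrack-format lines from FILE (or stdin) and prints
# "count src dport" for every TCP src/dport pair with >= THRESHOLD entries.
conntrack_summary() {
    threshold=$1
    shift
    awk -v min="$threshold" '
        $1 == "tcp" {
            src = ""; dport = ""
            # Each entry lists the original direction first, then the reply
            # direction, so keep only the first src= and dport= on the line.
            for (i = 1; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/)     src = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (src != "" && dport != "") count[src " " dport]++
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }
    ' "$@" | sort -rn
}

# Constructed sample entries (documentation addresses, not data from the thread).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.21 sport=2101 dport=110 src=198.51.100.21 dst=192.0.2.10 sport=110 dport=2101 [ASSURED] use=1
tcp      6 431991 ESTABLISHED src=192.0.2.10 dst=198.51.100.22 sport=2102 dport=110 src=198.51.100.22 dst=192.0.2.10 sport=110 dport=2102 [ASSURED] use=1
tcp      6 431992 ESTABLISHED src=192.0.2.10 dst=198.51.100.23 sport=2103 dport=110 src=198.51.100.23 dst=192.0.2.10 sport=110 dport=2103 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.0.2.10 dst=198.51.100.24 sport=2104 dport=110 [UNREPLIED] src=198.51.100.24 dst=192.0.2.10 sport=110 dport=2104 use=1
tcp      6 431000 ESTABLISHED src=192.0.2.11 dst=198.51.100.30 sport=3001 dport=80 src=198.51.100.30 dst=192.0.2.11 sport=80 dport=3001 [ASSURED] use=1
tcp      6 431500 ESTABLISHED src=203.0.113.9 dst=192.0.2.10 sport=4410 dport=25 src=192.0.2.10 dst=203.0.113.9 sport=25 dport=4410 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=1030 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=1030 use=1
EOF
}

# On the firewall itself: conntrack_summary 1000 /proc/net/ip_conntrack
sample_conntrack | conntrack_summary 3
```

    The threshold is a tuning value: set it well above what a normal host behind the bridge keeps open to any one port.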
     
  6. 3dguru

    Post seems to be for a Linux version of Plesk.
     
  7. parisioa

    I have a transparent Ethernet bridge/firewall in front of an entire rack of hardware, including Windows Plesk installations, pure IIS webservers, mail servers, etc.

    Edit: the transparent firewall is a home-built Debian box.
     
  8. 3dguru

    If you find out how it is hacked, please let me and support know.

    If it is a Plesk or they penetrate using another hole...
     
  9. parisioa

    It was definitely a MailEnable hack. I had the MailEnable SMTP Relay Agent service (or whatever it was that was in c\windows\). There was also a Serv-U daemon installed, which I nuked, but it was useless to the hackers b/c the transparent firewall would have kept them from being able to use it for anything (only a select number of ports are opened, and there is no way anybody could access that firewall).
     
  10. OlegB
