• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue spoof emails : Disk quota(space) exceeding.

A

andyxyz

Basic Pleskian
We have had a few reports from customers today


From: Plesk on CUSTOMER.DOMAIN.COM <[email protected]>
Sent: 02 July 2021 16:06
To: [email protected]
Subject: Disk quota(space) exceeding.


<CUSTOMER.DOMAIN.COM> Disk quota exceeding notification

Our system has identified a critical condition of one of the server parameters.
The account currently uses 99.98% of its disk capacity.
Please log in to Plesk and check the server status: https://CUSTOMER.DOMAIN.COM:8443

The email address IS the customers registered Plesk user email address so it does look like this has leaked from plesk.

Behind the link are various fake domains that all seem to redirect to webhostplesk.com which is hosted on 45.146.164.27. I assume this page is harvesting plesk logins from there?

Is anyone else seeing this?
 
I am. Started seeing this a few days ago, wondered WTF happened since all my servers have plenty of storage left. Was wondering if it was some kind of bug or whatever but didn't care much about it, until today.
Upon further examination (which took all of two full seconds LOL) I noticed this message was sent to a very specific email address that I use exclusively to handle domains with the brazilian domain registrar. That email address is used only there and it is publicly visible when WHOIS'ing a domain.
So I don't think it leaked from Plesk, it was just someone scraping domain data.
 
+1

Over the past few days, around a hundred emails have been received. A priori this spam campaign detects that the hosting works under Plesk and sends these emails to the low whois emails of the domains concerned. PS: it is important not to click on the links. This becomes problematic on our side, our customers give us back the information ... It passes anti-spam ...

Igor,
Have you had any significant feedback on the problem? Is there a way to block this besides the usual anti-spam tools?
 
Right now I'm truly, *really* glad that I run a managed website hosting business and my clients *don't* have access to the Plesk panel (nor do they even know I'm using it). I'm just imagining what the damage would be if my clients clicked on these links.

In any case I clicked on the link just for fun (I generally do, just to enjoy the effort of the hackers). Looks like the domain (https***test.linezapparel.com) was nixed, so I guess everyone is safe for now - until they start sending other batches with a new domain.
 
You must log in or register to reply here.

Similar threads

burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
1K
Peter Debik
P
A
Issue Backups take space from subscriptions
Replies
13
Views
1K
Kaspar
K
burnley
Issue [17.5.3] Plesk for Linux logrotate issue: error_log not rotated
Replies
1
Views
1K
burnley
burnley
D
Issue Email Spoofing
Replies
16
Views
4K
IgorG
IgorG
Bitpalast
Forwarded to devs Disk space miscalculation after an e-mail address is changed from local mailbox to forward only
Replies
3
Views
1K
IgorG
IgorG
Back
Top