• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue spoof emails : Disk quota(space) exceeding.

A

andyxyz

Basic Pleskian
We have had a few reports from customers today


From: Plesk on CUSTOMER.DOMAIN.COM <[email protected]>
Sent: 02 July 2021 16:06
To: [email protected]
Subject: Disk quota(space) exceeding.


<CUSTOMER.DOMAIN.COM> Disk quota exceeding notification

Our system has identified a critical condition of one of the server parameters.
The account currently uses 99.98% of its disk capacity.
Please log in to Plesk and check the server status: https://CUSTOMER.DOMAIN.COM:8443

The email address IS the customers registered Plesk user email address so it does look like this has leaked from plesk.

Behind the link are various fake domains that all seem to redirect to webhostplesk.com which is hosted on 45.146.164.27. I assume this page is harvesting plesk logins from there?

Is anyone else seeing this?
 
I am. Started seeing this a few days ago, wondered WTF happened since all my servers have plenty of storage left. Was wondering if it was some kind of bug or whatever but didn't care much about it, until today.
Upon further examination (which took all of two full seconds LOL) I noticed this message was sent to a very specific email address that I use exclusively to handle domains with the brazilian domain registrar. That email address is used only there and it is publicly visible when WHOIS'ing a domain.
So I don't think it leaked from Plesk, it was just someone scraping domain data.
 
+1

Over the past few days, around a hundred emails have been received. A priori this spam campaign detects that the hosting works under Plesk and sends these emails to the low whois emails of the domains concerned. PS: it is important not to click on the links. This becomes problematic on our side, our customers give us back the information ... It passes anti-spam ...

Igor,
Have you had any significant feedback on the problem? Is there a way to block this besides the usual anti-spam tools?
 
Right now I'm truly, *really* glad that I run a managed website hosting business and my clients *don't* have access to the Plesk panel (nor do they even know I'm using it). I'm just imagining what the damage would be if my clients clicked on these links.

In any case I clicked on the link just for fun (I generally do, just to enjoy the effort of the hackers). Looks like the domain (https***test.linezapparel.com) was nixed, so I guess everyone is safe for now - until they start sending other batches with a new domain.
 
You must log in or register to reply here.

Similar threads

QWeb Ric
Issue Track email delivery -> Action log showing "Domain's disk space limit reached"
Replies
1
Views
685
QWeb Ric
QWeb Ric
Gary W.
Issue Server 500 Error and Plesk inaccessibility due to Full Disk - Prevention tips needed
Replies
3
Views
903
Kaspar@Plesk
Kaspar@Plesk
C
Question psa folder occupies more than 50% of my EC2 instance disk space
Replies
2
Views
939
Peter Debik
P
P
Issue Disk usage calculation is wrong
Replies
1
Views
1K
Kaspar@Plesk
Kaspar@Plesk
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
2K
Change Maker
C
Back
Top