
SQL Injection Vulnerability in Plesk

Pagemakers

Silver Pleskian
Just received the following email from 1&1.

Does anybody else know about this? Sounds pretty serious to me.

If you are currently using Plesk on your server, please be advised that you need to perform an important security update.

As the administrator, you are solely responsible for all the security concerns of your server. This means you are liable in the event of misuse and any resulting damage or costs. The following information is provided to you as a courtesy and 1&1 does not guarantee that the information is correct, nor can 1&1 warrant or guarantee the Plesk software or any related updates. For details, please see the General Terms and Conditions of Service for your 1&1 hosting package.


Security Update Notification
================================

A security breach has currently made all versions of Plesk 8 for Linux Server (excluding version 8.1.1) vulnerable to an SQL injection.

To find out which version of Plesk you are currently using, please go to the login page of your server using Plesk.

Follow the step-by-step guide below to update your server:

Step 1: Log in as root to your server using SSH.


Step 2: Rename the old file /usr/local/psa/admin/plib/class.Session.php on your Plesk, for example:

# cp /usr/local/psa/admin/plib/class.Session.php /usr/local/psa/admin/plib/class.Session.php.old


Step 3: Select the hotfix for your Plesk version:

* For Plesk v8.0.0 and v8.0.1:
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.0.1/114298/class.Session.php

* For Plesk v8.1.0:
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.1.0/114298/class.Session.php

* For Plesk 8.2.0:
http://download1.swsoft.com/Plesk/Hotfix/PleskUnix/8.2.0/114298/class.Session.php


Step 4: Put the downloaded file in the appropriate folder, for example:
# cp ./class.Session.php /usr/local/psa/admin/plib/class.Session.php


Step 5: Restart Plesk using the command below:
# /usr/local/psa/admin/bin/httpsdctl restart

If you have any further questions, please contact our expert support team directly.

Best regards,
Your 1&1 Internet Team
1and1.co.uk
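
Steps 2 to 4 of the quoted notice as a shell sketch. This is an added example, not part of the post or the 1&1 email. The function names and the optional directory argument are assumptions; the paths and URLs are the ones in the notice, which gives no checksum for the downloaded file.

```shell
#!/bin/sh
# Added example: choose the hotfix for a Plesk version and install it,
# keeping the original class.Session.php as a backup.

BASE="http://download1.swsoft.com/Plesk/Hotfix/PleskUnix"

# hotfix_url VERSION: print the hotfix URL, or return 1 if none is listed.
hotfix_url() {
    case "$1" in
        8.0.0|8.0.1) echo "$BASE/8.0.1/114298/class.Session.php" ;;
        8.1.0)       echo "$BASE/8.1.0/114298/class.Session.php" ;;
        8.2.0)       echo "$BASE/8.2.0/114298/class.Session.php" ;;
        *)           return 1 ;;  # 8.1.1 is excluded by the notice; others are not listed
    esac
}

# install_hotfix NEW_FILE [PLIB_DIR]: back up the current file, then replace it.
# PLIB_DIR is a hypothetical parameter so the function can be tried on a copy.
install_hotfix() {
    new="$1"
    plib="${2:-/usr/local/psa/admin/plib}"
    target="$plib/class.Session.php"

    # Refuse an empty or missing download before touching the live file.
    [ -s "$new" ] || { echo "missing or empty: $new" >&2; return 1; }
    [ -f "$target" ] || { echo "not found: $target" >&2; return 1; }

    # Keep the first backup: a second run must not overwrite the original
    # file with an already patched one.
    [ -e "$target.old" ] || cp -p "$target" "$target.old" || return 1

    # Copying over the existing file keeps its owner and mode.
    if ! cp "$new" "$target"; then
        cp -p "$target.old" "$target"   # roll back to the backup
        return 1
    fi
}

# Usage as root, with the version shown on the Plesk login page:
#   url=$(hotfix_url 8.2.0) && wget -O /root/class.Session.php "$url" \
#     && install_hotfix /root/class.Session.php \
#     && /usr/local/psa/admin/bin/httpsdctl restart
```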
 