
URL Scan

paulwilson159

Guest
Hello

We have recently started encountering a spammer who is exploiting PHP on our Plesk Windows server.

Has anyone had a go with the URLscan addon that MS has provided?

We have managed to block a large number of the attacks using mod_security on Plesk Linux, but we are now looking for a Windows IIS equivalent...
 
Hello,
there's a way to spot the spammer:

You should go to Plesk -> IIS Application Pool and force all the domains to run in dedicated IIS pools.

After that you'll just need to track a connection to the Mailserver with the netstat utility, get the PID of the php process and look up the user in Task Manager who runs this process.

Each application pool will have a user with name IWAM_<domain-ftp-user-name>.

Though, I have no information on the URLscan extension.
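
The netstat-to-PID-to-user lookup described in the post above, as an added PowerShell sketch that is not part of the original thread. It assumes the mail server is reached on TCP port 25, PowerShell 3.0 or later (for `Get-CimInstance`), and an elevated prompt so process owners can be read.

```powershell
# Added example, not from the thread. Assumptions: SMTP on TCP 25,
# PowerShell 3.0+, elevated session.
$smtpPort = 25

# netstat -ano TCP rows: Proto  LocalAddress  ForeignAddress  State  PID
$connections = @(netstat -ano | ForEach-Object {
    $f = @(($_ -split '\s+') | Where-Object { $_ })
    # Keep TCP rows whose foreign address ends in :25. PID 0 rows are
    # TIME_WAIT sockets that no longer belong to any process.
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and
        $f[2] -match ":$smtpPort`$" -and $f[4] -ne '0') {
        [pscustomobject]@{
            Remote    = $f[2]
            State     = $f[3]
            ProcessId = [int]$f[4]
        }
    }
})

# Resolve each PID to its process and owning account, busiest first.
$connections | Group-Object ProcessId | ForEach-Object {
    $procId = [int]$_.Name
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
    if (-not $proc) { return }   # process exited since netstat ran
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    [pscustomobject]@{
        ProcessId   = $procId
        Name        = $proc.Name
        User        = '{0}\{1}' -f $owner.Domain, $owner.User
        Connections = $_.Count
        CommandLine = $proc.CommandLine
    }
} | Sort-Object Connections -Descending | Format-List
```

With every domain in a dedicated application pool, the `User` column identifies the pool account, and therefore the domain, behind each PHP process talking to the mail server. Short-lived processes can exit between samples, so run it repeatedly while the spam is being sent.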
 
I'll try this ISAPI Filter this week:
http://www.aqtronix.com/?PageID=99

I have tested in an isolated server (lab environment), and loved the way it works.
I'll try on my real servers this week, and can post a review later.

If anyone tests the filter too, please, post!

Thanks.
 