
Issue Virus

karam

Basic Pleskian
Hello there,
Has anyone encountered this before?
It took down every website in the infected subscription.

The thing is that we don't know how we got it.
 

Attachment: Strange.PNG
We traced it. It seems 1 website had a weak password and it was attacked; through that attack it infected all the websites in that subscription.

One more new thing to learn.
 
The website has been hacked. If this is a CMS like WordPress or Joomla, probably the core or some plugin is not updated to the latest version.
You have to find the source of the problem, patch it and then remove all suspicious files.
Also, always use strong passwords for mail, FTP and Plesk access.
 

Thank you, yes I did so. It seems that the problem was caused by a weak password; actually it was a test website and had a pass from 1 to 6.
But I didn't expect it would affect other websites in the same subscription. Also, it had run a process in Plesk itself, which was like wow. Everything regarding it is removed. But would its extent reach the server itself, or is that kinda impossible?
 
Here's a screenshot of what I grabbed from its main folder.
 

Attachment: VirFiles.PNG
Other websites and Plesk should not be damaged. Something similar happened to one of my websites but no other functions were involved.
 

If the websites are under one subscription, all of them have the same system user, which means whoever gains access to one website can go through all the websites under the same subscription.
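The shared-system-user point above, as an added example that is not part of any post in this thread and is not Plesk code: given the document roots on a server, it lists which sites share the owning user of a compromised site and which files in those sites changed after a chosen time. The function names and the idea of passing document root paths on the command line are assumptions made for this sketch.

```python
import os
import sys
import time
from collections import defaultdict

def group_by_owner(docroots):
    """Map owning uid -> sorted list of document roots owned by that uid."""
    groups = defaultdict(list)
    for root in docroots:
        groups[os.lstat(root).st_uid].append(root)
    return {uid: sorted(paths) for uid, paths in groups.items()}

def exposed_siblings(docroots, compromised):
    """Other document roots owned by the same system user as the compromised one."""
    uid = os.lstat(compromised).st_uid
    me = os.path.realpath(compromised)
    return [p for p in group_by_owner(docroots).get(uid, [])
            if os.path.realpath(p) != me]

def recently_modified(site_dirs, since_epoch):
    """Files under site_dirs whose mtime is at or after since_epoch.

    mtime can be reset by whoever wrote the file, so an empty result
    does not prove a site is clean; it only prioritises the review.
    """
    hits = []
    for site in site_dirs:
        for dirpath, _dirs, files in os.walk(site):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    if os.lstat(path).st_mtime >= since_epoch:
                        hits.append(path)
                except OSError:
                    continue  # file vanished or unreadable; skip it
    return sorted(hits)

if __name__ == "__main__":
    # Usage (hypothetical): script.py <compromised_docroot> <docroot> [<docroot> ...]
    compromised, roots = sys.argv[1], sys.argv[1:]
    siblings = exposed_siblings(roots, compromised)
    print("Same system user as", compromised, "->", siblings)
    week_ago = time.time() - 7 * 86400
    for path in recently_modified([compromised] + siblings, week_ago):
        print("changed in last 7 days:", path)
```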
 

Thank you for the information.
 