• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Virus

karam

Basic Pleskian
Hello there,
Anyone has encountered this before ?
It made every website in the infected subscription down.

The thing is that we don't know how got it.
 

Attachments

  • Strange.PNG
    Strange.PNG
    146.8 KB · Views: 24
We traced it, it seems 1 website had a week password, and it was attacked, through that attack it infected all the websites in that subscription.

One more new thing to learn.
 
The website has been hacked. If this is a cms like Wordpress or Joomla probably the core or some plugin are not updated to the latest version.
You have to find the source of the problem, patch it and then remove all suspicious files.
Also always use strong password for mail, ftp and plesk access.
 
The website has been hacked. If this is a cms like Wordpress or Joomla probably the core or some plugin are not updated to the latest version.
You have to find the source of the problem, patch it and then remove all suspicious files.
Also always use strong password for mail, ftp and plesk access.

Thank you, yes I did so, it seems that the problem is caused by week password, actually it was a test website and had a pass from 1 to 6.
But I didn't expect it would effect other websites in the same subscription, also it had run a process in plesk it self, which was like wow, everything is removed regarding it. But would it's extents reach the server it self or that's kinda impossible ?
 
Here's a screenshot from what I grabbed from it's main folder.
 

Attachments

  • VirFiles.PNG
    VirFiles.PNG
    35.8 KB · Views: 9
Other websites and Plesk should not be damaged. Something similar happened to one of my websites but no other functions was involved.
 
Thank you, yes I did so, it seems that the problem is caused by week password, actually it was a test website and had a pass from 1 to 6.
But I didn't expect it would effect other websites in the same subscription, also it had run a process in plesk it self, which was like wow, everything is removed regarding it. But would it's extents reach the server it self or that's kinda impossible ?

If the websites are under one subscription, All of them have the same system user. Which means whoever gain access to one website can go through all the websites under the same subscription.
 
If the websites are under one subscription, All of them have the same system user. Which means whoever gain access to one website can go through all the websites under the same subscription.

Thank you for the information.
 
Back
Top