
Vulnerability/Exploit in SiteBuilder 4.5

swopedesign

Regular Pleskian
My VPS host claims that SiteBuilder 4.5 is being exploited so that suspicious processes are running on my VPS. Has anyone else had this issue? In addition, I have 1 Web Presence Builder site (and I know WPB was going to be called SiteBuilder 5) which errors every time a new blog entry is created (posted in another thread, but no response yet to that problem with the Plesk product). I do not know if the problems are related and the VPS admins can't seem to determine it either.

Below are the email messages I receive from my server regarding the SiteBuilder vulnerability when it is exploited apparently:

1)

Time: Thu Oct 18 13:31:41 2012 -0500
File: /tmp/.state
Reason: Suspicious directory
Owner: apache:apache (48:48)
Action: No action taken

2)

Time: Thu Oct 18 13:31:41 2012 -0500
File: /tmp/d1e.txt.1
Reason: Script, starts with #!
Owner: apache:apache (48:48)
Action: No action taken

3)

Time: Thu Oct 18 13:31:41 2012 -0500
File: /tmp/d1e.txt
Reason: Script, starts with #!
Owner: apache:apache (48:48)
Action: No action taken

4)

Time: Thu Oct 18 13:36:47 2012 -0500
Account: apache
Resource: Process Time
Exceeded: 14765 > 1800 (seconds)
Executable: /usr/bin/perl
Command Line: /usr/sbin/apache/asterisks
PID: 30003
Killed: No

5)

Time: Thu Oct 18 13:36:47 2012 -0500
PID: 30003
Account: apache
Uptime: 14765 seconds

Executable:

/usr/bin/perl

Command Line (often faked in exploits):

/usr/sbin/apache/asterisks

Network connections by the process (if any):

tcp: 67.222.1.151:42265 -> 173.203.58.251:8080

Files open by the process (if any):

/usr/local/sitebuilder/htdocs/index.php

Memory maps by the process (if any):

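A triage sketch for alerts like the ones quoted above, added here as an example (it is not part of the original post and not the alerting daemon's or Plesk's own code). It parses the alert text and flags three signals visible in it: files written by the web-server account under a world-writable directory, a command line whose argv[0] does not match the interpreter actually running, and a network connection held by the web-server account. The sample is condensed from the post; the account list, interpreter list and function names are assumptions.

```python
import re
# Constructed sample: two alerts condensed from the ones quoted in the post.
SAMPLE = """\
Time: Thu Oct 18 13:31:41 2012 -0500
File: /tmp/d1e.txt
Owner: apache:apache (48:48)

Time: Thu Oct 18 13:36:47 2012 -0500
Account: apache
Executable:
/usr/bin/perl
Command Line (often faked in exploits):
/usr/sbin/apache/asterisks
Network connections by the process (if any):
tcp: 67.222.1.151:42265 -> 173.203.58.251:8080
"""

WEB_ACCOUNTS = {"apache", "www-data", "nginx"}  # assumption: adjust per distro
INTERPRETERS = {"perl", "python", "php", "sh", "bash"}  # assumption
KEY = re.compile(r"^([A-Z][\w ]*?)(?: \(.*?\))?:(?: (.+))?$")

def parse_alerts(text):
    """Split on 'Time:' lines; a bare 'Key:' takes its value from the next line."""
    alerts, pending = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = KEY.match(line)
        if m and m.group(1) == "Time":
            alerts.append({})
        if m and alerts:
            key, value = m.groups()
            alerts[-1][key] = value or ""
            pending = None if value else key
        elif pending and alerts:
            alerts[-1][pending], pending = line, None
    return alerts

def triage(alert):
    findings, base = [], lambda p: p.rsplit("/", 1)[-1]
    owner, path = alert.get("Owner", "").split(":")[0], alert.get("File", "")
    if owner in WEB_ACCOUNTS and path.startswith(("/tmp/", "/var/tmp/", "/dev/shm/")):
        findings.append("web-server account wrote " + path)
    exe, cmd = alert.get("Executable", ""), alert.get("Command Line", "").split()
    # argv[0] is set by the process itself, so compare it with the real binary.
    if base(exe) in INTERPRETERS and cmd and base(cmd[0]) != base(exe):
        findings.append("argv[0] %s hides interpreter %s" % (cmd[0], exe))
    conn = alert.get("Network connections by the process", "")
    if alert.get("Account") in WEB_ACCOUNTS and "->" in conn:
        findings.append("web-server account has connection " + conn)
    return findings
```

A script started normally through its `#!` line shows the interpreter as argv[0], so the mismatch check stays quiet for ordinary CGI scripts and fires only when the process has renamed itself.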
 