We Are Hacked Again!!!!!!!!!!!!!!!!!!!!!!!!!!!

[Markus@]

- A few months back in Plesk 7.5 we where hacked via php.

- The backup restore failed as a mess!!!!!!!!!!!!!!!

- So we installed a fresh Plesk 8.01 after this first hack and gently asked our customers to reinstall it all......

- NOW we got hacked again this time in Plesk 8.01 even if we did lots of php securing, cgi securing, tmp securing, we just got hacked again this in a few months time, and via a different method then the first hack, because in the first hack we had the entire source of the Turkish hacker and trough wich php site he came trough.

We manually global disabled the functions he used.

So now we are hacked again!!!!!!!!!!!!!!!!!!!

AND GUESS WHAT????????????????????


THE ****ING PLESK BACKUP FAILED AGAIN

IT ****ING FAILED AGAIN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

WHEN THE **** WILL THE ****ING PLESK BACKUP AND RESTORE WILL GO TO ****ING WORK??????????????????

WE NOW INSTALLED PLESK 8.10

IF WE HAVE AGAIN TROUBLES WITH HACKS AND NOT WORKING PLESK RESTORE WE WILL LAWSUIT SWSOFT FOR ITS STABILITY PROBLEMS WICH ARE PROVEN.

WE WILL NOT BE WAITING ANYMORE LONGER.

OR SWSOFT WILL GO TO DO ITS JOB WITH WORKING BACKUP AND RESTORE AND SECURITY OR WE WILL FILE A CLAIM.

WE ARE CUSTOMERS SINCE PLESK 2.5 AND WE HAD NOT ONE FLAWLESS UPGRADE, BACKUP, RESTORE, BULLETPROOF SECURITY.

 

[Markus@]

ONLY NEW FUNCTIONS WE GOT THAT COULD NOT BE BACKED UP AND STILL CANNOT BE BACKED UP, OR BETTER CANT BE RESTORED!!!!!!!!!!!!!!!!!!!!!

I AM TIRED OF DOING DOUBLE WORK GETTING ANGRY CUSTOMERS ON THE PHONE, PER E-MAIL, OR MY ISPS THAT ARE COMPLAINING CUSTOMERS CALL TO THEM TO ASK WHAT IS WRONG.

THIS IS NO JOKE, THE PLESK JOKE HAS TO STOP.

IF WE ARE HACKED ONE MORE TIME AND CANNOT DO A RESTORE WE WILL PERSONALLY LAWSUIT SWSOFT FOR NOT TAKING ITS RESPONSABILITY.

 

[Markus@]

The pleskrestore in 8.01:

- mysql databases where put back empty(database names and passwords itselfs where restored only, not the data inside it)

- all files where missing in httpdocs and httpsdocs
(directorynames and subdirectories only where restored, empty...)

- pleskrestore only restores plesk accounts, e-mail accounts, but for the rest email boxes are empty, databases are empty, webfolders are empty, ...............................

+ it did not gave any errors, neither it failed for reason x and y.

but this is not good enough, this is unacceptable.

 

[Markus@]

And the Plesk security, it SUCKS.

It does not secure anything!!!!!!!!!!!!!!!!!!!!!!!

It does not secure php well enough, it does not secure the tmp folder, it does not secure cgi enough, it does not secure the root system, neither the /var/www folders and neither the services used!

Http and mysql can easely be crashed!

SPAM!!!!!!!!!!!!!!!!

Plesk does not have anything to secure against spam!!!!!!!!!!!!!

The spamassassin does not work!!!!!!!!!!!!
Customers have to learn the filter!!!!!!

Nobody has time to do that!!!!!!!!!!!!

Plesk need to use RULESDUJOUR to feed with the most know attacks becaus enow, customers are cancelling services because they receive spam.

Working with spf does not work since nobody uses the webhosting as smtp, but they use the isp as relay!

The RBL blacklists, ......... we use them but they do not filter out anything, sorry, they filter to much, because huge isps are listed in it so customers are missing emails!!!!!!!!!

So, we are now for several months under spam attacks, and we cannot do anything!!!!!!!!!!!

And if we do, it is not compatible with the next update!

- descend plesk backup/restore, fully working, no exceptions
- descend spam filtering!!!!!!!
- descend automated server security configuration settings!
php, cgi, sendmail, smtp, imap, pop3, ...

and without extra configuring via the plesk panel because i get crazy of all features in plesk!!!!!!!

all the features are way to much to keep it understandable!!!!!

please minimize settings, secure it better, all these buttons for every plesk install drives me crazy.

 

[nullsystems]

Sadly, I afree. I would consider moving to Cpanel, however, 1and1 dont offer that ability.

 

[smkied]

Just so you know..... and I do sympathize with your problem it's a really shitty situation.

This is a user-user forum, so SWSoft staff don't really look at this at all.... so writing your long caps messages here, will not really get anything done for you. I recommend contacting SWSoft directly with your problem.

I hope this works out for you. However, I think moving to Plesk 8.1 was a bad idea since it has more issues than the previous versions of Plesk (from what I hear). A lot of people still insist that Plesk 7.5.4 was the best and most stable version so far.

 

[Whistler]

Originally posted by Markus
And the Plesk security, it SUCKS.

It does not secure anything!!!!!!!!!!!!!!!!!!!!!!!

It does not secure php well enough, it does not secure the tmp folder, it does not secure cgi enough, it does not secure the root system, neither the /var/www folders and neither the services used!

Http and mysql can easely be crashed!

SPAM!!!!!!!!!!!!!!!!

Plesk is a Controlpanel allowing your customers to easy manage their settings related to different aspects of hosting. A frontline product allowing customers (and administrators) to communicate easy with various backend functions on a hosting server.

Its not a automatic computerized systemadministrator or a security device designed to magically make your servers secure to hackers, crackers - or even your own customers.

I feel for your problems - as Plesk is not bugfree and still have many problems on different levels. But please keep in mind - a Controlpanel is not ment to replace a good human systemadministrator.

 

[nullsystems]

I agree entirely, nice put.
If you dont know what your doing at a command level without a front end ( typical of control panels ) I suggest you employ a fully qualified administrator to maintain your team and servers.

 

[skripx]

cpanel all the way.
You can get an unlimited license for under 40/month and unlimited support.
Why not.

 

[skripx]

Originally posted by Whistler
Plesk is a Controlpanel allowing your customers to easy manage their settings related to different aspects of hosting. A frontline product allowing customers (and administrators) to communicate easy with various backend functions on a hosting server.

Its not a automatic computerized systemadministrator or a security device designed to magically make your servers secure to hackers, crackers - or even your own customers.

I feel for your problems - as Plesk is not bugfree and still have many problems on different levels. But please keep in mind - a Controlpanel is not ment to replace a good human systemadministrator.

On the other hand cPanel DOES!!!!

 

[smkied]

Originally posted by skripx
On the other hand cPanel DOES!!!!

That's not really true....

I used cPanel and it brought on a whole slew of problems. Plus, the interface doesn't look nice at all and most of my clients were very happy to see the transition to Plesk.

 

[skripx]

Originally posted by smkied
That's not really true....

I used cPanel and it brought on a whole slew of problems. Plus, the interface doesn't look nice at all and most of my clients were very happy to see the transition to Plesk.

I know!
I like plesk because of it's layout and logic. By far the best for that.

I don't like the backup, Licensing and hard to manage packages like php, mysql.

In cPanel, I admit I hate the layout but I never have problems like plesk, all the cpanel Features do what they are suppost to. and not to mention all the features, I have have been managing cpanel servers for 3 years now and I don't even think I have used all the features, that shows how many there are. might not use them all but nice to know it’s there .

Most importantly, the cpanel support is the best I can't remember the last time I opened a support ticket and they didn't respond back in 5 minutes. and it's all included for the low monthly price under $40 and if you are a VPS user.... under $10 and it's unlimited everything.

I think I tried to open a plesk ticket once and I can't remember what happened but I think I had to pay extra.

I like plesk so we use it on our main website server and database server but all our customers have a cPanel server i think we might have a few Plesk server customers but our customers are about at least 97% cPanel not sure why but they prefer cPanel.

 

[smkied]

Plesk is for sure buggy at times.

What I have actually done is just hired the crew over at SeeksAdmin.com to manage my server for me and take care of all the problems that arise out of Plesk and it's working out great.

Normally Plesk support unlimited is $300/year.

 

[skripx]

Originally posted by smkied
Plesk is for sure buggy at times.

What I have actually done is just hired the crew over at SeeksAdmin.com to manage my server for me and take care of all the problems that arise out of Plesk and it's working out great.

Normally Plesk support unlimited is $300/year.

300/year???? not bad.

 

[smkied]

Originally posted by skripx
300/year???? not bad.

That's the support offered by SWSoft that is. Their response time is actually excellent, I got a reply in 5 minutes and I didn't even have a paid support license LOL.

SeeksAdmin costs me only $25/month and it covers things far beyond just Plesk support.... they secure my server, monitor uptime, install scripts, fix bugs, configure mysql and other things for best performance, etc.

 

[Whistler]

Originally posted by skripx In cPanel, I admit I hate the layout but I never have problems like plesk, all the cpanel Features do what they are suppost to. and not to mention all the features, I have have been managing cpanel servers for 3 years now and I don't even think I have used all the features, that shows how many there are. might not use them all but nice to know it’s there .

Or it could be showing that the product is feature exhausted, filled with features not needed, clogging up the interface... pulling attention away from interface improvements etc. (I'm only guessing, haven't used cPanel for some years now).

 

[Whistler]

Originally posted by skripx
On the other hand cPanel DOES!!!!

I promise you - no Controlpanel is better than:

1) your customers using your servers
2) your running software (apache, php, mysql, ftp, ssh, etc. etc.)
3) your firewall
4) your used passwords
5) the running scripts/applications
6) your choise of operatingsystem
7) your ability as systemadministrator to recognize/locate/stop hacking attempts/hackers when they try to install backdoors into your system.

etc.

It's simply wrong if you think a controlpanel alone secures your server.

 

[skripx]

well you may have a point.
But i think you will agree, when a customer needs mysql or php upgraded now, it;s nice to do it in 2 clicks of the mouse.

or even install and format a new harddrive and move a domains home directory there in 2 clicks. "rearange accounts"

or what about migrate your customers from 4 other controlpanels like helm or even plesk in 2 mouse clicks.

It's great to adminster.

 

[skripx]

I think all servers will have problems no matter what you do, no matter what controlpanel you use, if it's not a hacker it's a hardware problem.

The most important thing though! how fast will it be fixed???

 

[Whistler]

Originally posted by skripx
well you may have a point.
But i think you will agree, when a customer needs mysql or php upgraded now, it;s nice to do it in 2 clicks of the mouse.

or even install and format a new harddrive and move a domains home directory there in 2 clicks. "rearange accounts"

or what about migrate your customers from 4 other controlpanels like helm or even plesk in 2 mouse clicks.

It's great to adminster.

But if you can't secure your server - whats all the clicking worth?

Point-and-click is nice in some situations - agreed - and many things could be better in Plesk - also agreed.

And yes I also would like to se a better upgrade/security-fix path for Plesk in the future.

But to blame Plesk for a hacked server is not okay - as I'm pretty sure the hackers diden't get access to the server via Plesk itself.

(and btw. you can migrate customers from other panels also Plesk - with just a few clicks also in Plesk)