ok i wasn't sure where to put this, so i put it at the end...
I agree with many many of the ideas, comments, and opinions posted in this thread in regards to hacking, security and responsibility for a person's server security... Heck, i even have a security guy go through and "check/fix" anything he finds wrong with it,(Security guy "everything looks good" (two weeks ago)) the issue i have with plesk right now is this...
Watchdog (System monitoring module) Mar 22, 2007 Mar 22, 2007 You have an up to date version
it runs every week on my system and said everything was fine...well that is, up until 2 days ago when everything was fine in the report i got sent by the system, but the data center is telling me my system was involved in a DDOS attack, and when i try to login to it, i can't through ssh, the CP still lets me in, but no ssh there either.. my ftp works just fine... so my user password hasn't been changed..
My login works from the console, and so does the root login (that's disabled in SSH and i use a non-standard port and only ssh2) the server's had yum ran on it and pretty much EVERYTHING works except for remote access...
so, where should i place the blame for this?, i ran yum update, and the older programs were patched or updated, even had this system online and open to the internet for almost 4 years now, yet, within a short period of time after updating to 8.1.1 my data center's telling me my box is compromised?
OK, just to be fair... there are network and server admins out there who have forgotten more about servers than i will EVER probably learn, but some thing's got to be up with this..
funniest part is, watchdog says everything is OK, except it's not too happy with some of the "older or patched" versions of 4 applications...
so where do i go from here? I'm paying remote hands that know what they are doing (yes my server is colo) to look at a system that no one can get into (with enough access or permissions to do anything) except from the console, (ssh/telnet flat will not work) and now paying them to install an OS on one of my other servers there and move my sites and files over...
I love plesk, the features the interface (hate cPanel) the applications, and the ease of management, but i'm going on my "umpteenth" issue over the past 4 years,and each of the major ones have been due to the plesk software, migration, and/or updates, whatever the cause i have gone from having a need for a 100 domain lic down to less than 30 again... and honestly it's due to problems that i feel are the result of plesk's (insert item here) breaking or messing something up...
No there are no other items running on the system that can be exploited, clients aren't given shell access for any reason, hell even the uptime eggdrop will ignore you completely if you don't know how to access it.. so i'm stuck a bit, perplexed, confused, aggravated, and just plain tired of having to deal with these issues, only to come here and find out that i'm not the only one having them...
I'm having the data center leave the box intact so it can be brought here for testing on an isolated internal network (yeah i got some toys here) I have a real hard time believing that the guys at the data center have 5 hours into this and can't get ssh up and running to where it's accessible from the outside world.. But since it's colo, (250+ miles way) i am forced to take their word for it..
it's fedora C2 and plesk 8.1.1
Facebook
Twitter
To start with, you need to upgrade that ASAP, it was EOL'd almost a year ago. There are vulnerabilities in that platform that there are no fixes for. Second thing, watchdog uses rkhunter for security monitoring, which is awesome for what its good at, provided its kept up to date, and the signatures for it are also maintained. Unfortunately, because of the first issue, it is not maintained well for your platform.
