1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Weak Security settings

Discussion in 'Plesk 11.x for Linux' started by Binesh S, Nov 10, 2012.

  1. Binesh S

    Binesh S Regular Pleskian

    27
    23%
    Joined:
    Jun 24, 2009
    Messages:
    119
    Likes Received:
    1
    I have found apache logs, an illegal default access


    Sat Nov 10 22:59:09 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
    [Sat Nov 10 22:59:09 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
    [Sat Nov 10 23:02:06 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
    [Sat Nov 10 23:04:13 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
    [Sat Nov 10 23:04:13 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
    [Sat Nov 10 23:07:10 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover


    Any patch update on this issue ?


    FYI 1.1.1.1 & 2.2.2.2 sample IP address


    Thanks
     
    Last edited: Nov 11, 2012
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,554
    Likes Received:
    1,241
    Location:
    Novosibirsk, Russia
    You can just block these IPs by firewall at least.
     
  3. Binesh S

    Binesh S Regular Pleskian

    27
    23%
    Joined:
    Jun 24, 2009
    Messages:
    119
    Likes Received:
    1
    Yes I have already blocking IP from access. However the access should be block from coding level

    Thanks
     
  4. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,554
    Likes Received:
    1,241
    Location:
    Novosibirsk, Russia
    Do you mean that we should block all known IPs of possible hacker's attacks in Plesk code? Or what do you mean?
     
  5. Binesh S

    Binesh S Regular Pleskian

    27
    23%
    Joined:
    Jun 24, 2009
    Messages:
    119
    Likes Received:
    1
    There is utility like fail2ban IP for some time like one hour may prvent excessive access right ? I am not asking to ban all IPs is not good to application like temporarry solution or provide alerts failed attempts
     
Loading...