• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Web_user Security Problem

would creating a vhost/vhost_ssl conf file possibly solve the issue?
 
that is the change I made. I rebooted the server and then I passed the test. I have not retested again because it puts a major load on the server.

I'm not sure about the vhost_ssl. sorry.
 
Is there some way for me to test if UserDir is disabled (without running a full pCI scan)?
 
im not sure if this is a real test... and Im really tired right now but if you go to somedomain.com/~someuser

if webusers are disabled it gives a 404 not found error instead of a 403 forbidden. (this assumes that directory listing is disabled and there is no index.htm in the webusers root) I guess you could just setup a webuser in plesk under a domain and then put an index page in the root and then see if it displays.

Sorry not much help. im a windows guy lost in a sea of plesk/linux
 
Originally posted by JointTech
Sorry not much help. im a windows guy lost in a sea of plesk/linux [/B]
Click to expand...

Thanks for the tip -- I didn't think of checking that way -- like you I'm a long-time windows guy...
 
You must log in or register to reply here.

Similar threads

A
Parallels Plesk Pannel 11.0.9 Horde webmail vulnerability?
Replies
4
Views
3K
_Alberto_
A
J
SSL server accepts weak ciphers on port 12443
Replies
2
Views
4K
KirkM
KirkM
D
Plesk Login Transmits credentials in cleartext
Replies
1
Views
3K
Deoxymono
D
D
How do I turn off TRACK and TRACE HTTP please.
Replies
2
Views
5K
Dave-Brown
D
D
SSL/TLS Protocol Vulnerability PCI Scan
Replies
8
Views
20K
RalphP
R
Back
Top