1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

What is the problem? We are hacked after upgrade..

Discussion in 'Plesk for Windows - 8.x and Older' started by em1ncan, Jan 22, 2007.

  1. em1ncan

    em1ncan Guest

    0
     
    Hi to all plesk users..
    I upgraded from plesk 7.6 reloaded for windows to plesk 8.1 3 days ago.. And since then my sites were hacked 2 times.. Some people are accessing to the httpdocs and deleting them. I know they dont have any admin pass because they cant do anything except deleting the httpdocs index and moving files to another directory.. I couldn't find the problem? Do I need to set any permissions manually? All the permissions are made by plesk install automatically. I didn't set any manual permission to any file.. Pls help me! The people who hacked me told me that there is a bug in plesk so he can access my files.. But he didnt tell what is it esactly and how i can correct that.. I and my server really feel unsecure.. Pls help me soon!

    thanks anyway..
     
  2. Bogdan

    Bogdan Guest

    0
     
    I saw this problem before. It was caused by wrong file permissions (psacln had full control over %plesk_vhosts% and all files and folders within) so the hacker just replaced the index files on all folders recursively.

    I recommend checking the file permissions manually and if you find any major problems, reset them using the Plesk reconfigurator.

    You can find the default permissions on a domain folder at ftp://download1.swsoft.com/Plesk/Plesk8.1/Windows/Docs/plesk-8.1-win-reconfigurator-guide/7167.htm but I recommend going through the entire Plesk reconfigurator documentation at ftp://download1.swsoft.com/Plesk/Plesk8.1/Windows/Docs/plesk-8.1-win-reconfigurator-guide.pdf

    Please let us know if you figure out this problem.
     
  3. sergius

    sergius Golden Pleskian

    28
    57%
    Joined:
    Nov 6, 2005
    Messages:
    1,898
    Likes Received:
    0
    Plesk 8.1 for Windows allow only "Read Attributes" and "This folder only" over %plesk_vhosts%
     
  4. Bogdan

    Bogdan Guest

    0
     
    You are right sergius, the problem I had was a while ago, with Plesk 7.0 and the wrong permissions were caused by human error not by Plesk. In any case, if this is the same problem, I think that running the Plesk configurator shoudl fix things.
     
  5. em1ncan

    em1ncan Guest

    0
     
    i didnt set any manual access setting for any directory.. Its what did plesk install do.. but i didnt directly upgrade. First i backed up my sites from 7.6 and uninstalled old plesk. Then i installed new plesk 8.1 and restored the old back up data.. Sites worked fine. Is my problem happened because of that? REstoring old backup to new plesk? I will uninstall and reinstall my plesk now.. I hope it will be secure after that install..
     
  6. em1ncan

    em1ncan Guest

    0
     
    will it be unsecure if i enable parent paths? because some of my sites are using parent paths... Can people access others file if i enable parent paths?
     
  7. andrey@

    andrey@ Guest

    0
     
Loading...