So, PLESK is inserting a facebook like button inside a footer and on every page on my ADMIN panel for my webserver and is doing it with inserting a THIRD PARTY IFRAME, basically creating a backdoor to my webserver.
I dont know how high somebody had to be to include a FACEBOOK SDK to something like this. This is not some news portal where im a reader and they want me to like it so they can spam me.
This is tracking and it can be used for full root access to my webserver form a software that i paid for.
I dont want for facebook to track me ( which they do with this like button ). The get tracking for the simple fact that its included there, they get the URL im on and can read other propertyes, if im developing a facebookkiller.com and i want it hidden, now im ****ed because plesk decided that it would be great for facebook to know that.
And then there is a problem that you are using it in a way ( without even the sandbox property ) so that i have to trust facebook that it wont change the code and include some other trackers or something like that. There are logs, settings and everything that i would not let a stranger to do on my webserver why would i trust facebook.
Also what if somebody somehow got a cert for facebook.com or im connecting to plesk localy from within premises without https, it will try to load facebook without https.
If you want to add a like button go ahead and add a static image or something that is loaded locally but this is not acceptable.
I dont know how high somebody had to be to include a FACEBOOK SDK to something like this. This is not some news portal where im a reader and they want me to like it so they can spam me.
This is tracking and it can be used for full root access to my webserver form a software that i paid for.
I dont want for facebook to track me ( which they do with this like button ). The get tracking for the simple fact that its included there, they get the URL im on and can read other propertyes, if im developing a facebookkiller.com and i want it hidden, now im ****ed because plesk decided that it would be great for facebook to know that.
And then there is a problem that you are using it in a way ( without even the sandbox property ) so that i have to trust facebook that it wont change the code and include some other trackers or something like that. There are logs, settings and everything that i would not let a stranger to do on my webserver why would i trust facebook.
Also what if somebody somehow got a cert for facebook.com or im connecting to plesk localy from within premises without https, it will try to load facebook without https.
If you want to add a like button go ahead and add a static image or something that is loaded locally but this is not acceptable.
Last edited: