• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Why does plesk include facebook BACKDOOR to my server.

DanielMo

New Pleskian
So, PLESK is inserting a facebook like button inside a footer and on every page on my ADMIN panel for my webserver and is doing it with inserting a THIRD PARTY IFRAME, basically creating a backdoor to my webserver.

I dont know how high somebody had to be to include a FACEBOOK SDK to something like this. This is not some news portal where im a reader and they want me to like it so they can spam me.

This is tracking and it can be used for full root access to my webserver form a software that i paid for.
I dont want for facebook to track me ( which they do with this like button ). The get tracking for the simple fact that its included there, they get the URL im on and can read other propertyes, if im developing a facebookkiller.com and i want it hidden, now im ****ed because plesk decided that it would be great for facebook to know that.

And then there is a problem that you are using it in a way ( without even the sandbox property ) so that i have to trust facebook that it wont change the code and include some other trackers or something like that. There are logs, settings and everything that i would not let a stranger to do on my webserver why would i trust facebook.

Also what if somebody somehow got a cert for facebook.com or im connecting to plesk localy from within premises without https, it will try to load facebook without https.

If you want to add a like button go ahead and add a static image or something that is loaded locally but this is not acceptable.

Bildschirmfoto-2017-10-27-um-12.58.jpg Bildschirmfoto 2017-10-27 um 12.58.25.png
 
Last edited:
People tend to have different expectation to security and privacy. I know companies which prohibit wifi, and even some which prohibit all remote online connections, and actually US embassy required me to give them all my electronics. That's fine - there are different requirements and regulations in the world and we shall not expect everyone be the same. I honestly won't expect facebook stealing my root password, but that's me.

For extremely privacy-cautious people, we offer a way to disable disable facebook button.
It would take even less time than typing this post probably :)
Hope it helps
 
Back
Top