• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Search results

  1. danami

    Resolved Running plesk bin apache --listen-on-localhost true breaks PHP $_SERVER["SERVER_ADDR"];

    Some additional information from other users: $_SERVER['REMOTE_ADDR'] is showing (127.0.0.1) localhost $_SERVER['SERVER_ADDR'] is showing (127.0.0.1) localhost $_SERVER['HTTP_X_FORWARDED_FOR'] is showing correct IP address of the server $_SERVER['HTTP_X_REAL_IP'] is showing the correct IP...
  2. danami

    Issue Whmcs will not log user IPs and only shows localhost

    @EmperorFPI That recent fix is only for the the correct IP address being logged in Apache. It won't fix the PHP $_SERVER vars showing 127.0.0.1. The only way to fix this now is to disable the new Apache localhost feature with: plesk bin apache --listen-on-localhost false
  3. danami

    Question Warden Anti-spam and Virus Protection - license question

    @mschenk You cannot pick and choose which domains your license applies to as Warden scans all incoming and outgoing mail. Many clients use Warden exclusively to track all outgoing PHP based mail even if the domain doesn't have any mailboxes.
  4. danami

    Resolved SECURITY - attack surface : ports 7080 and 7081

    @Peter Debik I opened a bug report: https://talk.plesk.com/threads/running-plesk-bin-apache-listen-on-localhost-true-breaks-php-_server-server_addr.372069/
  5. danami

    Resolved Running plesk bin apache --listen-on-localhost true breaks PHP $_SERVER["SERVER_ADDR"];

    Username: TITLE Running plesk bin apache --listen-on-localhost true breaks PHP $_SERVER["SERVER_ADDR"]; PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Product version: Plesk Obsidian 18.0.56.2 OS version: AlmaLinux 9.2 x86_64 Build date: 2023/10/26 16:00 Revision...
  6. danami

    Resolved SECURITY - attack surface : ports 7080 and 7081

    @Peter Debik Unfortunately in my testing it looks like there is another big issue with this change. After enabling "plesk bin apache --listen-on-localhost true" the PHP $_SERVER["SERVER_ADDR"] reports as "127.0.0.1" instead of the real server IP address. This means that any PHP applications...
  7. danami

    Resolved SECURITY - attack surface : ports 7080 and 7081

    Guys this is actually fixed in Plesk 18.0.56 Update 2 which was just released: https://docs.plesk.com/release-notes/obsidian/change-log/?18056#plesk-18056-mu2
  8. danami

    Resolved Curl error: (6) Couldn't resolve host name

    @TorbHo I'm not sure if this is related to your problem but there is a bug after updating Plesk to 18.0.56 where the Plesk panel interface PHP secure curl functions do not work properly unless the Plesk panel interface is restarted. We are seeing this issue with our Plesk extensions as the curl...
  9. danami

    Resolved Roundcube 1.6.4 is released. When will plesk upgrade to it?

    I'm surprised how fast an exploit can make the front page of Arstechnica :( Plesk is very quick at patching CVEs. I'm sure they are aware of the issue now that it's made front page of the tech news sites.
  10. danami

    Resolved Roundcube 1.6.4 is released. When will plesk upgrade to it?

    Wow that was quick. Looks like it's already being actively exploited: https://arstechnica.com/security/2023/10/pro-russia-hackers-target-inboxes-with-0-day-in-webmail-app-used-by-millions/
  11. danami

    Resolved CloudFlare 127.0.0.1

    @Peter Debik Just a note that this is a bug (PPPM-14170) when the new Apache listen on localhost is enabled. The Plesk developers already have it fixed and should release it shortly with one of the next updates :)
  12. danami

    Resolved CloudFlare 127.0.0.1

    @jsmp Try disabling the new "Apache listen on localhost" setting that was introduced in 18.0.56 and see if it fixes it for you: plesk bin apache --listen-on-localhost false
  13. danami

    Question Best solution in order to stop incoming spam to a plesk server

    You can do all of this and more using our Warden Anti-spam and Virus Protection extension. If money is tight and you don't want to use our extension then I recommend looking over this KB article for how to set tighter SMTPD restrictions in Postfix (Warden sets these automatically but you can do...
  14. danami

    Resolved SECURITY - attack surface : ports 7080 and 7081

    @Peter Debik There is no way that this should be enabled by default on new installs. This breaks all Apache modsecurity attack triggers and any Apache log statistics programs as the client address only reports 127.0.0.1 as the client address after enabling it.
  15. danami

    Question Juggernaut - by default, will or can it cause problems?

    That's exactly what the KB is for. Everything is there on a single page: https://www.danami.com/clients/knowledgebase/6/Juggernaut-Security-and-Firewall
  16. danami

    Question Juggernaut - by default, will or can it cause problems?

    I understand that Juggernaut can be a bit daunting for new users as it has a lot of options. For most new users I recommend going though the getting started guide: https://docs.danami.com/juggernaut/basics/getting-started That will get the majority of everything configured and shouldn't take...
  17. danami

    Resolved Juggernaut Security and Firewall Plesk Addon

    They are probably sending those out from any requests from the last month. CSF just pushed their fix a few weeks ago. All our extensions use https:// and download.maxmind.com as they recommend.
  18. danami

    Resolved Juggernaut Security and Firewall Plesk Addon

    My recommendation is to open a support ticket and have a support tech help you.
  19. danami

    Resolved Juggernaut Security and Firewall Plesk Addon

    If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.
  20. danami

    Resolved Juggernaut Security and Firewall Plesk Addon

    > So by default, Juggernaut offers no way to see what IPs are being dropped? We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.
Back
Top