Search results

@mschenk If your applications are sending out using the PHP mail function then you should enable the X-PHP-Originating-Script header...

@Peter Debik Yes I agree that there isn't a way for Plesk developers to fix this. The big problem is that there are so many PHP applications that can't handle this new change. Webpros own WHMCS breaks entirely as it invalidates the their WHMCS license checks and remote client logging. My take is...

Some additional information from other users: $_SERVER['REMOTE_ADDR'] is showing (127.0.0.1) localhost $_SERVER['SERVER_ADDR'] is showing (127.0.0.1) localhost $_SERVER['HTTP_X_FORWARDED_FOR'] is showing correct IP address of the server $_SERVER['HTTP_X_REAL_IP'] is showing the correct IP...

@EmperorFPI That recent fix is only for the the correct IP address being logged in Apache. It won't fix the PHP $_SERVER vars showing 127.0.0.1. The only way to fix this now is to disable the new Apache localhost feature with: plesk bin apache --listen-on-localhost false

@mschenk You cannot pick and choose which domains your license applies to as Warden scans all incoming and outgoing mail. Many clients use Warden exclusively to track all outgoing PHP based mail even if the domain doesn't have any mailboxes.

@Peter Debik I opened a bug report: https://talk.plesk.com/threads/running-plesk-bin-apache-listen-on-localhost-true-breaks-php-_server-server_addr.372069/

Username: TITLE Running plesk bin apache --listen-on-localhost true breaks PHP $_SERVER["SERVER_ADDR"]; PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE Product version: Plesk Obsidian 18.0.56.2 OS version: AlmaLinux 9.2 x86_64 Build date: 2023/10/26 16:00 Revision...

@Peter Debik Unfortunately in my testing it looks like there is another big issue with this change. After enabling "plesk bin apache --listen-on-localhost true" the PHP $_SERVER["SERVER_ADDR"] reports as "127.0.0.1" instead of the real server IP address. This means that any PHP applications...

Guys this is actually fixed in Plesk 18.0.56 Update 2 which was just released: https://docs.plesk.com/release-notes/obsidian/change-log/?18056#plesk-18056-mu2

@TorbHo I'm not sure if this is related to your problem but there is a bug after updating Plesk to 18.0.56 where the Plesk panel interface PHP secure curl functions do not work properly unless the Plesk panel interface is restarted. We are seeing this issue with our Plesk extensions as the curl...

I'm surprised how fast an exploit can make the front page of Arstechnica :( Plesk is very quick at patching CVEs. I'm sure they are aware of the issue now that it's made front page of the tech news sites.

Wow that was quick. Looks like it's already being actively exploited: https://arstechnica.com/security/2023/10/pro-russia-hackers-target-inboxes-with-0-day-in-webmail-app-used-by-millions/

@Peter Debik Just a note that this is a bug (PPPM-14170) when the new Apache listen on localhost is enabled. The Plesk developers already have it fixed and should release it shortly with one of the next updates :)

@jsmp Try disabling the new "Apache listen on localhost" setting that was introduced in 18.0.56 and see if it fixes it for you: plesk bin apache --listen-on-localhost false

You can do all of this and more using our Warden Anti-spam and Virus Protection extension. If money is tight and you don't want to use our extension then I recommend looking over this KB article for how to set tighter SMTPD restrictions in Postfix (Warden sets these automatically but you can do...

@Peter Debik There is no way that this should be enabled by default on new installs. This breaks all Apache modsecurity attack triggers and any Apache log statistics programs as the client address only reports 127.0.0.1 as the client address after enabling it.

That's exactly what the KB is for. Everything is there on a single page: https://www.danami.com/clients/knowledgebase/6/Juggernaut-Security-and-Firewall

I understand that Juggernaut can be a bit daunting for new users as it has a lot of options. For most new users I recommend going though the getting started guide: https://docs.danami.com/juggernaut/basics/getting-started That will get the majority of everything configured and shouldn't take...

They are probably sending those out from any requests from the last month. CSF just pushed their fix a few weeks ago. All our extensions use https:// and download.maxmind.com as they recommend.

My recommendation is to open a support ticket and have a support tech help you.