
Install plesk 8.6 from parallel server may be hacked?

Smashing

New Pleskian
I installed Plesk 8.6 on Fedora 8 recently. But when I used rkhunter to check the server,
the result shows that /bin/ls, /bin/netstat, /bin/ps, /bin/find, /usr/bin/md5sum, /usr/bin/pstree, /usr/bin/top,
/sbin/ifconfig and /usr/sbin/lsof have been changed, and it found the SHV4 and SHV5 rootkits.
And when I used netstat to check connections, I can't find port 80. Why? httpd is started, but I can't find port 80?
And there is unknown traffic every day.
What happened?
Before I installed Plesk I also used rkhunter to check the server, and everything was fine.
 
Where did you download the Plesk distribution package from? Do you really think that the official Plesk installation package has infected files inside?
 
I downloaded parallels_installer_v3.4.1_build090204.18_os_FedoraCore_8_i386 from http://www.parallels.com/download/plesk86/

And I tried it again. I installed a new server, and when I used rkhunter to check the server everything was OK. But after I installed Plesk, rkhunter found 2 rootkits. And /bin/ls, /bin/netstat, /bin/ps, /bin/find, /usr/bin/md5sum, /usr/bin/pstree, /usr/bin/top, /sbin/ifconfig and /usr/sbin/lsof have been changed.
It seems Plesk changed the files.

I hope the official Plesk package is OK. But everything seems so unusual.
 
But why don't you wish to use the latest Plesk version, 9.3.0?
8.6.0 is a very, very old Plesk.
 
Because I have bought the Plesk 8.6 license. I do not have 9.x.
And I install it on an Amazon EC2 server. Plesk 9.x seems to have problems installing on EC2.
 
I attached the rkhunter logs from both before and after installing Plesk.
 

Attachments

  • rkhunter result.zip
That's definitely suspicious, but it's difficult to say if it's malicious or not. Those warnings are coming up because the immutable bit is set on those binaries, and because you have a non-root UID 0 account (plesk-root). You're definitely running an unsupported OS too (FC8 was EOL'd in 2008 I think).
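
Added example, not part of any post in this thread: a small bash triage helper for the two conditions the reply above names (immutable bit on binaries, a non-root UID 0 account), plus a package-digest check for the "changed" binaries. The function names and all sample data are constructed for illustration; only the account name plesk-root and the file paths come from the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). All sample data below is constructed.

# Accounts with UID 0 whose name is not "root", from a passwd-format file.
uid0_non_root() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Paths carrying the immutable (i) attribute, from `lsattr` output on stdin.
immutable_paths() {
    awk '$1 ~ /i/ { print $NF }'
}

# Paths whose digest differs from the package database, from `rpm -V`
# output on stdin (a "5" in the flags column marks a digest mismatch).
rpm_digest_changed() {
    awk '$1 ~ /5/ { print $NF }'
}

# Constructed passwd, lsattr and rpm -V samples so the script runs offline.
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
plesk-root:x:0:0::/root:/bin/bash
EOF
SAMPLE_LSATTR='----i-------- /bin/ls
------------- /bin/cat
----i-------- /bin/ps'
SAMPLE_RPMV='S.5....T  /bin/netstat
.......T  c /etc/hosts
missing     /usr/bin/pstree'

echo "UID 0, not root:   $(uid0_non_root "$SAMPLE_PASSWD" | xargs)"
echo "immutable bit set: $(printf '%s\n' "$SAMPLE_LSATTR" | immutable_paths | xargs)"
echo "digest mismatch:   $(printf '%s\n' "$SAMPLE_RPMV" | rpm_digest_changed | xargs)"
```

On a live host the same functions take real input, for example `lsattr /bin/ls /bin/ps | immutable_paths` and `rpm -Vf /bin/netstat | rpm_digest_changed`. If a rootkit is actually suspected, the host's own tools (rkhunter flagged md5sum here) cannot be relied on, so run the checks from known-good rescue media against the mounted disk.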
 
I know Fedora 8 is old. But the official Amazon EC2 AMIs only have a Fedora 8 version. I only trust AMIs from Amazon, so this is the only choice. My system is built from the official Amazon AMI, and I only used yum to install rkhunter and tripwire before installing Plesk 8.6. And I did those steps within 2 hours. And plesk-root was added after I installed Plesk.

I really have no idea what happened. I will try to install Plesk on my own server. And maybe I will download the full install package locally and install it.
 