Plesk 9.5.4 someone got access for each account

[sda0]

Hello
my server has restricted acccess by IP on each service: ssh, ftp

the only service not restricted is Plesk.
I noticed someone changed javascript file. But how?
THen I opened Plesk using my admin access
and I found all plesk clients in my Plesk interface logged in.
how is it possible if nobody has access?
Im only once who use this server - I dont give access to anyone

thanks

 

[abdi]

You need to upgrade to close that security hole ..Better still you can restrict access to port 8443 on those IPs you used for SSH & FTP.

You can do that via Plesk panel (am not sure about the old version) or even in your firewall.