• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Plesk Injection Vulnerability

M

MichaeC

Guest
We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts.

Need to know the following:

1. How did they get the usernames to begin with?
2. Do they have the passwords now?
3. How are they still doing this?

The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin)

Need more information about this..
 
MichaeC said:
We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts.

Need to know the following:

1. How did they get the usernames to begin with?
2. Do they have the passwords now?
3. How are they still doing this?

The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin)

Need more information about this..
Click to expand...

See here: http://forum.parallels.com/showthread.php?p=616004#post616004
 
You must log in or register to reply here.

Similar threads

D
Issue import backup
Replies
2
Views
707
dicker
D
M
Question Simple question about Plesk backups
Replies
2
Views
486
msospc
M
williamplk
Resolved Activate account by e-mail does not work
Replies
16
Views
2K
williamplk
williamplk
kristobal1969
Issue Migration problem with roundcube 1.6.9
Replies
0
Views
728
kristobal1969
kristobal1969
P
Question Connecting a second domain
Replies
2
Views
1K
pleskatarian
P
Back
Top