• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Plesk Injection Vulnerability

M

MichaeC

Guest
We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts.

Need to know the following:

1. How did they get the usernames to begin with?
2. Do they have the passwords now?
3. How are they still doing this?

The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin)

Need more information about this..
 
MichaeC said:
We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts.

Need to know the following:

1. How did they get the usernames to begin with?
2. Do they have the passwords now?
3. How are they still doing this?

The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin)

Need more information about this..
Click to expand...

See here: http://forum.parallels.com/showthread.php?p=616004#post616004
 
You must log in or register to reply here.

Similar threads

D
Issue import backup
Replies
2
Views
707
dicker
D
M
Question Simple question about Plesk backups
Replies
2
Views
488
msospc
M
williamplk
Resolved Activate account by e-mail does not work
Replies
16
Views
2K
williamplk
williamplk
kristobal1969
Issue Migration problem with roundcube 1.6.9
Replies
0
Views
730
kristobal1969
kristobal1969
P
Question Connecting a second domain
Replies
2
Views
1K
pleskatarian
P
Back
Top