
Issue Plesk server hacked

Luiz_Gustavo

Basic Pleskian
Hello,

A customer's Plesk server running Ubuntu 12.08 and Plesk 12.0.18 was hacked tonight.
He sent a file to one subscription using a vulnerable uploadfy.swf on that site. After uploading the file, the hacker changed something in users shadow or other that I don't understand and ran a su with root

su[21158]: Successful su for r00t by www-data
su[21158]: pam_unix(su:session): session opened for user r00t by (uid=33)

After the successful "su" he ran a script that changed all INDEX.PHP in all subscriptions (more than 500)

My technician restored the user files and the server. After this issue we upgraded Plesk to 17.0.18 and updated all Ubuntu 12 packages.

Any idea to help me prevent another problem like this?

Thanks for any help,

Gustavo
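
For triage of the two su log lines quoted in the post above, here is an added example (not part of the original thread and not Plesk tooling) that flags su sessions opened by web service accounts and lists accounts other than root that hold UID 0. The service account list, the surrounding log fields and the passwd content are constructed assumptions; in particular the thread does not say that r00t had UID 0.

```python
import re

# Assumption: accounts that run web-facing services and should never call su.
SERVICE_ACCOUNTS = {"www-data", "apache", "nginx"}
SU_OK = re.compile(r"su\[(?P<pid>\d+)\]: Successful su for (?P<target>\S+) by (?P<caller>\S+)")
SU_PAM = re.compile(r"su\[(?P<pid>\d+)\]: pam_unix\(su:session\): session opened "
                    r"for user (?P<target>\S+) by \S*\(uid=(?P<uid>\d+)\)")

def parse_passwd(passwd_text):
    """Map each UID to the account names that carry it (passwd(5) format)."""
    by_uid = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            by_uid.setdefault(int(fields[2]), []).append(fields[0])
    return by_uid

def extra_uid0_accounts(passwd_text):
    """Account names other than 'root' that have UID 0, i.e. full root rights."""
    return [n for n in parse_passwd(passwd_text).get(0, []) if n != "root"]

def suspicious_su(log_lines, passwd_text, service_accounts=SERVICE_ACCOUNTS):
    """Sorted (pid, caller, target) for su sessions opened by a service account."""
    by_uid = parse_passwd(passwd_text)
    hits = set()
    for line in log_lines:
        m = SU_OK.search(line)
        if m:
            callers = [m["caller"]]
        else:
            m = SU_PAM.search(line)  # PAM logs only the caller's UID
            callers = by_uid.get(int(m["uid"]), []) if m else []
        for caller in callers:
            if caller in service_accounts:
                hits.add((int(m["pid"]), caller, m["target"]))
    return sorted(hits)

# Constructed sample input: host name, timestamps, the admin line and the passwd
# entries are invented; the two su[21158] messages are the ones quoted in the post.
AUTH_LOG = [
    "May  3 02:14:07 host su[21158]: Successful su for r00t by www-data",
    "May  3 02:14:07 host su[21158]: pam_unix(su:session): session opened for user r00t by (uid=33)",
    "May  3 09:30:11 host su[30412]: Successful su for root by admin",
]
PASSWD = ("root:x:0:0::/root:/bin/bash\nwww-data:x:33:33::/var/www:/bin/sh\n"
          "admin:x:1000:1000::/home/admin:/bin/bash\nr00t:x:0:0::/root:/bin/bash\n")

if __name__ == "__main__":
    print(suspicious_su(AUTH_LOG, PASSWD))   # su sessions started by service accounts
    print(extra_uid0_accounts(PASSWD))       # non-root names with UID 0
```

On a live host the same functions can be fed the lines of /var/log/auth.log and the content of /etc/passwd; any hit from either one means the restored server still needs its account database reviewed.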
 
we upgrade the plesk to 17.0.18 and update all Ubuntu 12 packages.
It would be better to migrate to the latest Plesk Onyx 17.5 installed on Ubuntu 16.0.4. A lot of security issues were fixed there and the Security Advisor extension was implemented.
 
Hi Igor,

I’ll do it as soon as possible, but we have many servers with the same configuration. I need to prevent problems like this until we have time to plan and migrate.

Do you know if I can do a dist-upgrade to 14 and 16 followed by a Plesk upgrade? I'm afraid this procedure will break something. The correct way is a fresh install and a migration with Plesk Migrator, but on this server alone there are 500 sites and more than 2.500 email accounts
 