• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Weak Security settings

B

Binesh S

Regular Pleskian
I have found apache logs, an illegal default access


Sat Nov 10 22:59:09 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 22:59:09 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:02:06 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:04:13 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:04:13 2012] [error] [client 1.1.1.1] File does not exist: /var/www/vhosts/default/htdocs/autodiscover
[Sat Nov 10 23:07:10 2012] [error] [client 2.2.2.2] File does not exist: /var/www/vhosts/default/htdocs/autodiscover


Any patch update on this issue ?


FYI 1.1.1.1 & 2.2.2.2 sample IP address


Thanks
 
Last edited:
Yes I have already blocking IP from access. However the access should be block from coding level

Thanks
 
Binesh S said:
Yes I have already blocking IP from access. However the access should be block from coding level

Thanks
Click to expand...

Do you mean that we should block all known IPs of possible hacker's attacks in Plesk code? Or what do you mean?
 
There is utility like fail2ban IP for some time like one hour may prvent excessive access right ? I am not asking to ban all IPs is not good to application like temporarry solution or provide alerts failed attempts
 
You must log in or register to reply here.

Similar threads

L
Issue Wp Tool Kit Hopelessly Broke
Replies
4
Views
1K
Ladylinux
L
E
Issue PHP Chankro DOS attack
Replies
1
Views
1K
HHawk
HHawk
C
Question Why does the webserver try to serve from /var/www/vhosts/default/htdocs?
Replies
5
Views
698
Ceriana
C
TimReeves
Fail2Ban Jail needed for /var/log/sw-cp-server/error_log
Replies
5
Views
7K
roon
R
W
Resolved FTP error not working
Replies
2
Views
370
WilliamGm
W
Back
Top