Plesk Interface has been compromised

Forum Moderators: LifeinAsia

Message Too Old, No Replies

Plesk Interface has been compromised

Client using Plesk sever has been infected.

bwnbwn

2:07 pm on Jul 10, 2012 (gmt 0)

I have a client that had a number of sites infected on a dedicated server. At first I thought is was some coding issues but not being able to find the entry point the client changed some coding on the infected site. This client has about 80 or so websites on their server.

More of the sites became infected in different folders all were .js folders with redirects to a downloader. I stopped the ones infected in IIS until we could figure out what was going on.

The host came back and said it looks like the Plesk interface has a weakness that is the entry point. Doing some research it looks like many other host using Plesk have also been hit.

Thought I would post this so others using Plesk can check their sites and make sure if there is a patch get it updated ASAP.

I am moving the client to a new server and doing away with plesk interface.

rocknbil

4:06 pm on Jul 10, 2012 (gmt 0)

Yeah we had a couple attacks like this. Update, upgrade . . . . WHM/Cpanel is just as vulnerable if not more so, it doesn't matter what you use, you just have to be vigilant.

bwnbwn

5:33 pm on Jul 10, 2012 (gmt 0)

I don't have anything to do with that end with this client they didn't want to pay me for this. After this they have added my fees to help maintain the server side end so at least it helped me add to my income. :)

robzilla

10:04 pm on Jul 10, 2012 (gmt 0)

Control panel-free for about 6 months now, highly recommended :-)