Welcome to WebmasterWorld Guest from 54.167.40.25

Forum Moderators: LifeinAsia & httpwebwitch

Message Too Old, No Replies

Plesk Interface has been compromised

Client using Plesk sever has been infected.

     
2:07 pm on Jul 10, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3492
votes: 3


I have a client that had a number of sites infected on a dedicated server. At first I thought is was some coding issues but not being able to find the entry point the client changed some coding on the infected site. This client has about 80 or so websites on their server.

More of the sites became infected in different folders all were .js folders with redirects to a downloader. I stopped the ones infected in IIS until we could figure out what was going on.

The host came back and said it looks like the Plesk interface has a weakness that is the entry point. Doing some research it looks like many other host using Plesk have also been hit.

Thought I would post this so others using Plesk can check their sites and make sure if there is a patch get it updated ASAP.

I am moving the client to a new server and doing away with plesk interface.
4:06 pm on July 10, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Yeah we had a couple attacks like this. Update, upgrade . . . . WHM/Cpanel is just as vulnerable if not more so, it doesn't matter what you use, you just have to be vigilant.
5:33 pm on July 10, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3492
votes: 3


I don't have anything to do with that end with this client they didn't want to pay me for this. After this they have added my fees to help maintain the server side end so at least it helped me add to my income. :)
10:04 pm on July 10, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:968
votes: 69


Control panel-free for about 6 months now, highly recommended :-)