Plesk 8.2 appears vulnerable

Discussion in 'Parallels Plesk Panel for Windows - 8.x and Older' started by pseconds, Dec 15, 2007.

  1. hamed23100

    hamed23100 New Member

    Messages:
    110
    Let me explain my problem

    Hi,

    Let me explain my problem fully, and you tell me if it could be a hack.
    I had no problems until I did the first OS reload. After that the server was OK for one week, until The Planet updated my F-Secure, and after a restart the server went down, and they said another OS reload. Again they did an update on my F-Secure and another restart; nothing happened, but exactly a week later, and it was the second restart, the server didn't respond. This time the outage ticket went on for so long, and they brought back my server but with no RDP; they just installed VNC and told me to use that.

    They told me about some changes in the registry that closed RDP, but I asked a security person, and he told me that changes to the registry need someone to log in with the Administrator role... but if he logged in as administrator, why did he close RDP? Why didn't he delete data, or change data?

    After that I did another OS reload, then ordered a Cisco firewall, and F-Secure was installed again. But some days later I saw an email on my server... IP alert, the server was restarted. I logged into the server and saw... wow... F-Secure was uninstalled? I created a ticket and TP installed it again; another restart, the server came back. Again, the day after that, I came back: no F-Secure, but no restart... They said this is an SWSoft problem? Could it be?
    Could it really be a hack?

    Regards,
    Hamed
  2. hamed23100

    hamed23100 New Member

    Messages:
    110
    Any new news? Is the problem solved?

    Hi,

    Any new news about this problem? Anyone new who has experienced this problem?
    Are others' problems continuing?

    Regards,
    Hamed
  3. henry@

    henry@ New Member

    Messages:
    210
    Guys, this is so easy to fix: just find another remote control software and install it on a different port than 3389, and then completely disable the RDC remote connections on port 3389.
  4. Zan_

    Zan_ New Member

    Messages:
    24
    RDP is rarely the issue in my experience; it is, however, usually anonymous FTP. I never allow anonymous FTP on any sites anywhere.
  5. osde8info

    osde8info New Member

    Messages:
    5
    Make sure you change BOTH the VZPP root and PLESK admin passwords IMMEDIATELY after an INSTALL / REINSTALL, since the PLESK "admin" user password remains as "setup" after re/install until you change it!
  6. crackdaddy

    crackdaddy New Member

    Messages:
    11
    It's Windows, not Plesk

    I got a VPS a little while ago and within 24 hrs I noticed it was hacked and was running torrents on it. I had it rebuilt and again it was hacked by the time I was logged in. I had them do it again and the same thing happened instantly upon creation, before I could turn on the Windows firewall. The last time, I asked to have the VPS guys turn on the Windows firewall before they turned the server live.
    This solved the problem. Windows firewall by default was not enabled; I don't know why they do this knowing it's going to get hacked.
    Anyway, I don't have the details on the hack right now as it's been a little while,
    and the actual Windows exploit they used to get root is not important.
    - It was a Windows hack and not Plesk: they loaded a Windows exploit and created an admin user, then loaded the file sharing app.
    - Not a Plesk hack.
    - Just remember: turn on Windows firewall immediately, and check for extra Windows admins in the user console.
    - Have them turn on the firewall before the server is on.
    - It is a scripted attack, and once they have the IP they will keep attacking, and it happens so fast you can't stop it unless you start with a protected server.
    - Do not open any ports you don't need, i.e. SQL, or they will be attacked. Use a defined IP to allow connections if you must open a port.
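
The checks listed in the post above (firewall enabled, no extra administrators, no unneeded open ports, inbound access limited to defined IPs) can be scripted as a first-login audit. This is an added example, not part of the post or the thread; it assumes a current Windows Server with the LocalAccounts and NetSecurity PowerShell modules, an elevated session, and placeholder baselines in `$ApprovedAdmins` and `$AllowedPorts`.

```powershell
# Added example: post-provisioning audit for a Windows server.
# $ApprovedAdmins and $AllowedPorts are assumed baselines; set them for your host.
$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator")
$AllowedPorts   = @(80, 443, 3389)

function Get-UnexpectedAdmin {
    param([string[]]$Approved)
    # S-1-5-32-544 is the built-in Administrators group on any locale.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-DisabledFirewallProfile {
    # Domain, Private and Public profiles should all report Enabled = True.
    Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } |
        Select-Object Name, Enabled
}

function Get-UnexpectedListener {
    param([int[]]$Allowed)
    # TCP listeners on non-loopback addresses outside the allowed port list.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' -and
                       $Allowed -notcontains $_.LocalPort } |
        Sort-Object LocalPort -Unique |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

function Get-OpenToAnyInboundRule {
    # Enabled inbound allow rules with no remote-address restriction.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule = $_
            $filter = $rule | Get-NetFirewallAddressFilter
            if ($filter.RemoteAddress -contains 'Any') {
                [pscustomobject]@{ Rule = $rule.DisplayName; RemoteAddress = 'Any' }
            }
        }
}

$report = [ordered]@{
    UnexpectedAdmins   = @(Get-UnexpectedAdmin -Approved $ApprovedAdmins)
    DisabledProfiles   = @(Get-DisabledFirewallProfile)
    UnexpectedListener = @(Get-UnexpectedListener -Allowed $AllowedPorts)
    OpenToAnyRules     = @(Get-OpenToAnyInboundRule)
}
$report.GetEnumerator() | ForEach-Object {
    "{0}: {1} finding(s)" -f $_.Key, $_.Value.Count
    $_.Value | Format-Table -AutoSize | Out-String
}
```

Any non-zero count is a item to review against the host's intended role before the server is exposed to the internet.
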
  7. Modchips

    Modchips New Member

    Messages:
    5
    Hi, just to illustrate: I ordered a server from The Planet and it came with a trojan installed.

    The Planet set up the server at 8:00 am and at 9 am I came to install the programs. The Kaspersky antivirus was enabled by default and NOD32 was not installed, even though the setup files were copied from The Planet to the server. I installed NOD32, rebooted the machine, disabled Kaspersky antivirus and did a full search; I found a trojan in the System32 folder.

    I have a screenshot of this, so take care with a server that is set up in less than one hour.

    Thanks
  8. crackdaddy

    crackdaddy New Member

    Messages:
    11
    It only takes 1 sec

    Once they run the server scan, it takes mere seconds to attack your computer.
    If you made it an hour you are doing well. I had mine exploited in mere seconds from going online the 2nd time it was restored, because they already knew a valid IP to attack.

    You must have Windows firewall on before you turn your server on to the net!!!
    Make sure to get all your updates as well.
  9. JacqueD

    JacqueD New Member

    Messages:
    1
    Do we turn off port 3389 and turn it back on using Plesk admin when we need access???
