
Thread: Plesk 8.2 appears vulnerable

  1. #21
    Mega Poster
    Join Date
    Mar 2006
    Posts
    110

    Let me explain my problem

    Hi,

    Let me explain my problem fully, and you tell me if it could be a hack.
    I had no problem until I did the first OS reload. After that the server was OK for one week, until The Planet updated my F-Secure, and after a restart the server went down, and they said another OS reload. Again they did an update on my F-Secure and another restart; nothing happened, but exactly a week later, and it was the second restart, the server didn't respond. This time the outage ticket went on for so long, and they brought back my server but with no RDP; they just installed VNC and told me to use that.

    They told me some changes to the Registry had closed RDP, but I asked a security person, and he told me that changes to the Registry need someone to log in with the Administrator role... but if he logged in as administrator, why did he close RDP? Why didn't he delete data, or change data?

    After that I did another OS reload and then ordered a Cisco firewall, and F-Secure was installed again, but some days later I saw an email on my server... IP Alert, server was restarted. I logged into the server and saw... wow... F-Secure was uninstalled? I created a ticket and TP installed it again; another restart, the server came back. Again, the day after that I came back: no F-Secure, but no restart... They said this is an SWSoft problem? Could it be?
    Could it really be a hack?

    Regards,
    Hamed
    hamed23100



  2. #22
    Mega Poster
    Join Date
    Mar 2006
    Posts
    110

    Any news? Is the problem solved?

    Hi,

    Any news about this problem? Anyone new who experienced this problem?
    Are the others' problems continuing?

    Regards,
    Hamed
    hamed23100



  3. #23
    Mega Poster
    Join Date
    Nov 2004
    Posts
    210

    Guys, this is so easy to fix: just find another remote control software and install it on a different port than 3389, and then completely disable the RDC remote connections on port 3389.
    -- Professional Web Design --



  4. #24
    Kilo Poster
    Join Date
    May 2006
    Posts
    24

    RDP is rarely the issue in my experience; it is, however, usually anonymous FTP. I never allow anonymous FTP on any sites anywhere.



  5. #25

    Make sure you change BOTH the VZPP root and PLESK admin passwords IMMEDIATELY after an INSTALL / REINSTALL, since the PLESK "admin" user password remains as "setup" after re/install until you change it!
    Regards
    Clive
    http://vizzr.info



  6. #26

    It's Windows, not Plesk

    I got a VPS a little while ago and within 24 hrs I noticed it was hacked and was running torrents in it. I had it rebuilt and again it was hacked by the time I was logged in. I had them do it again and the same thing happened instantly upon creation, before I could turn on the Windows firewall. The last time I asked to have the VPS guys turn on the Windows firewall before they turned the server live.
    This solved the problem. Windows firewall by default was not enabled; I don't know why they do this knowing it's gonna get hacked.
    Anyways, I don't have the details on the hack right now as it's been a little while,
    and the actual Windows exploit they used to get root is not important.
    - It was a Windows hack and not Plesk; they loaded a Windows exploit and created an admin user, then loaded the file sharing app
    - Not a Plesk hack
    - Just remember: turn on Windows firewall immediately, check for extra Windows admins in the user console
    - Have them turn on the firewall before the server is on
    - It is a scripted attack and once they have the IP they will keep attacking, and it happens so fast you can't stop it unless you start with a protected server
    - Do not open any ports you don't need, i.e. SQL, or they will be attacked; use a defined IP to allow connections if you must open a port
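
The checks listed in post #26 (firewall enabled, no extra administrators, no ports open to everyone) can be scripted; the following is an added example, not part of the original thread. It assumes Windows Server 2016 or later with the built-in LocalAccounts and NetSecurity modules and an elevated session; `$ExpectedAdmins` and `$AllowedMgmtIp` are constructed placeholder values.

```powershell
# Added example: audit of a freshly provisioned Windows server.
# Assumes Windows Server 2016 or later, elevated session.
# $ExpectedAdmins and $AllowedMgmtIp are constructed placeholder values.
$ExpectedAdmins = @("$env:COMPUTERNAME\Administrator")
$AllowedMgmtIp  = '203.0.113.10'   # documentation-range address

$findings = @()

# 1. Every firewall profile (Domain, Private, Public) must be enabled.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    $findings += "Firewall profile '$($_.Name)' is disabled"
}

# 2. Members of local Administrators that are not on the expected list.
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $ExpectedAdmins -notcontains $_.Name } |
    ForEach-Object { $findings += "Unexpected administrator: $($_.Name)" }

# 3. Enabled inbound allow rules that accept traffic from any remote address.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    if ($addr.RemoteAddress -contains 'Any') {
        $findings += "Open to any source: '$($_.DisplayName)' " +
                     "($($port.Protocol) $($port.LocalPort -join ','))"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'No findings.' }

# Remediation for a port that must stay open (here the built-in Remote
# Desktop rule group): accept connections only from the defined IP.
# Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedMgmtIp
```

Running it before the server is exposed to the network, and again after any rebuild, gives a baseline to compare against later.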



  7. #27

    Hi, just to illustrate: I ordered a server from The Planet and it came with a trojan installed.

    The Planet set up the server at 8:00 am and at 9 am I came to install the programs. The Kaspersky antivirus was enabled by default and NOD32 was not installed, even though the setup files were copied from The Planet to the server. I installed NOD32, rebooted the machine, disabled Kaspersky antivirus and did a full search; I found a trojan in the System32 folder.

    I have a screenshot of this... so take care with a server that is set up in less than one hour.

    Thanks



  8. #28

    It only takes 1 sec

    Quote: Originally Posted by Modchips
        Hi, just to illustrate: I ordered a server from The Planet and it came with a trojan installed.

        The Planet set up the server at 8:00 am and at 9 am I came to install the programs. The Kaspersky antivirus was enabled by default and NOD32 was not installed, even though the setup files were copied from The Planet to the server. I installed NOD32, rebooted the machine, disabled Kaspersky antivirus and did a full search; I found a trojan in the System32 folder.

        I have a screenshot of this... so take care with a server that is set up in less than one hour.

        Thanks

    Once they run the server scan, it takes mere seconds to attack your computer.
    If you made it an hour you are doing good; I had mine exploited in mere seconds from going online, the 2nd time it was restored, because they already knew a valid IP to attack.


    You must have Windows firewall on before you turn your server on to the net!!!
    Make sure to get all your updates as well.



  9. #29

    Do we turn off port 3389 and back on using Plesk admin when we need to access?


