New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Plesk allows unauthorized access
First that Linode Manager thing, now Plesk. Who'll be the next in line?
As @Aldryic said:
@Aldryic said: Choose your providers carefully, folks.
and your control panels too.
Read more @ arstechnica
Remote vulnerability in Plesk Panel @ parallels
Comments
We still don't know if was a vulnerability or was intentional.
And vulnerabilities... they exist all the time http://www.exploit-db.com/
Plesk always had and will always have vulnerabilities as they don't care to fix them, i found a serious vulnerability in Plesk in 2009 and i called them and emailed them about it and I'm still waiting for them to fix it, i actually did a whole report for them.
Anyway secure your VPS fully (disable port 22 etc), always keep software up-to-date and keep backups.
Nothing is 100% bullet proof. Not even the company @Aldryic works for.
Are we 100% sure that it isn't just the 'easy login' stuff it may have? I know WHMCS + cPanel have it so you just have to click through.
There was some random sec blog linked on WHT that was linking to some plesk exploit but the post was since removed so I'm not sure if it was found to be false or if the rusky's got it pulled down.
Francisco