Proftpd exploit with plesk

faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Proftpd exploit with plesk

EvolutionCrazy wrote: Or does anybody that got a server running with plesk before september 2011 have to consider it "rooted"? :/
Potentially ... but this is very unlikely.

The recon happened in January. If you were vulnerable then, AND you were reconned AND (various other things) then your system's security would be in doubt.

There are also a few other things that people could have done - with hindsight! e.g. change Plesk's port, or block 8443 from the internet at your edge firewall, and set up a login page on the network that redirects to it (and is allowed). That would stop most recons.

Nobody has said where the recons came from, but I'm betting cn/ru/ro/ua IP-space? Or did they hire a botnet for the purpose?
Last edited by faris on Sat Mar 03, 2012 8:58 pm, edited 1 time in total.
--------------------------------
EvolutionCrazy
Forum User
Posts: 67
Joined: Wed Jun 01, 2005 5:52 pm

Re: Proftpd exploit with plesk

On the machines I was asked to inspect there were traces from everywhere... A lot from the US.

Yeah, a lot of things could have been done... Even doing an rpm -e psa could have helped us all...

We need proper explanations from whoever has access to the sources of agent.php...