critical security plesk issue
critical security plesk issue
Guys take a look at this. I just saw it and pushed right away an update to plesk 10.4.4. I hope I don't have problems with the update. It affects all plesk editions except 10.4.4 according to parallels. The best part is that there is no hotfix for plesk 10.3.1 !
http://kb.parallels.com/en/113321
http://kb.parallels.com/en/113321
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Re: critical security plesk issue
Scott and Mike,
Havent you found a any way to filter again using modsecurity plesk panel ?
I miss those times when I could sleep slightly better at night... !
Havent you found a any way to filter again using modsecurity plesk panel ?
I miss those times when I could sleep slightly better at night... !
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Re: critical security plesk issue
it's covered by ASL 3.0.20.
Please see post https://atomicorp.com/forums/viewtopic.php?f=8&t=5773
Please see post https://atomicorp.com/forums/viewtopic.php?f=8&t=5773
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: critical security plesk issue
Yup! This framework will let us add the WAF to any web based service... and maybe ftp but I didnt spend a lot of time on that.
-
- Verified Vendor
- Posts: 3
- Joined: Mon Mar 05, 2012 8:36 pm
- Location: Seattle, WA
Re: critical security plesk issue
Note, this was address for 10.3.1 in MicroUpdate #5 in September 2011 (updates were also issued at that time for 9.5 and 8.6). Further, no base version (e.g. without MU's applied) were vulnerable after 10.4.0 in November 2011.nobody wrote:Guys take a look at this. I just saw it and pushed right away an update to plesk 10.4.4. I hope I don't have problems with the update. It affects all plesk editions except 10.4.4 according to parallels. The best part is that there is no hotfix for plesk 10.3.1 !
http://kb.parallels.com/en/113321
Re: critical security plesk issue
Damn. How did I miss on that ? Fine job once again !scott wrote:Yup! This framework will let us add the WAF to any web based service... and maybe ftp but I didnt spend a lot of time on that.
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Re: critical security plesk issue
For the avoidance of doubt, I assume this is the same issue with Agent that we've discussed http://www.atomicorp.com/forum/viewtopi ... =13&t=5731 or is it something different?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: critical security plesk issue
Incidentally, there does appear to be a new MU for Plesk 8.6. MU11. Nothing to do with Agent. Looks related to Webmail to me.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
-
- Verified Vendor
- Posts: 3
- Joined: Mon Mar 05, 2012 8:36 pm
- Location: Seattle, WA
Re: critical security plesk issue
Same issue.faris wrote:For the avoidance of doubt, I assume this is the same issue with Agent that we've discussed http://www.atomicorp.com/forum/viewtopi ... =13&t=5731 or is it something different?
-
- Verified Vendor
- Posts: 3
- Joined: Mon Mar 05, 2012 8:36 pm
- Location: Seattle, WA
Re: critical security plesk issue
For 8.6, this issue was resolved via MU#2 - released in September 2011.faris wrote:Incidentally, there does appear to be a new MU for Plesk 8.6. MU11. Nothing to do with Agent. Looks related to Webmail to me.
Re: critical security plesk issue
Guys Plesk 10.4.4 works like a charm up till now. Which is a pleasant surprise. Never happened before
Blake when will they fix the issue in which you can move customers between ressellers ? This was a major stepback from version 9 to version 10 ...
Blake when will they fix the issue in which you can move customers between ressellers ? This was a major stepback from version 9 to version 10 ...
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Re: critical security plesk issue
Thank you for update.Blake@Parallels wrote:For 8.6, this issue was resolved via MU#2 - released in September 2011.faris wrote:Incidentally, there does appear to be a new MU for Plesk 8.6. MU11. Nothing to do with Agent. Looks related to Webmail to me.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
-
- Forum User
- Posts: 7
- Joined: Wed Feb 03, 2010 8:14 pm
- Location: Surrey, BC
Re: critical security plesk issue
My 8.6 is patched. I'm Mr Linux/Plesk Newb Question Man today.
1. I also running a 9.3, so I guess I have to update to 9.5.4?
2. In theory should I have any problems upgrading if I updated the PHP to 5.2 using the AtomicCorp repo?
3. Is it safer to install the updates one at a time or can I jump straight to 9.5.4?
Thanks in adavance!
1. I also running a 9.3, so I guess I have to update to 9.5.4?
2. In theory should I have any problems upgrading if I updated the PHP to 5.2 using the AtomicCorp repo?
3. Is it safer to install the updates one at a time or can I jump straight to 9.5.4?
Thanks in adavance!
Re: critical security plesk issue
1. I would upgrade
2. You never know, each installation/servermight have different settings. Take care of a godd and complete backup
3. I stick with updating plesk over yum. Than i run the autoinstaller to install MU's. If I would go (which I don't do) and do it via webinterface of Plesk I would update one-by-one.
But thats just my opinion.
2. You never know, each installation/servermight have different settings. Take care of a godd and complete backup
3. I stick with updating plesk over yum. Than i run the autoinstaller to install MU's. If I would go (which I don't do) and do it via webinterface of Plesk I would update one-by-one.
But thats just my opinion.
Re: critical security plesk issue
Guys. Its the first time that I see great improvement in Plesk after 3 years. Plesk 10.4.4 seems to actually function ! I still seek to find what it has broken, thats good !
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego