Potentially ... but this is very unlikely.EvolutionCrazy wrote:Or does anybody that got a server running with plesk before september 2011 have to consider it "rooted"? :/
The recon happened in January. If you were vulnerable then, AND you were reconned AND (various other things) then your system's security would be in doubt.
There's also a few other things that people could have done - with hindsight! e.g. change Plesk's port, or block 8443 from the internet at your edge firewall, and set up a login page on the network that redirects to it (and is allowed). That would stop most recons.
Nobody has said where the recons came from, but I'm betting cn/ru/ro/ua IP-space? Or did they hire a botnet for the purpose?