Media Temple, for its part, runs multiple versions of Plesk depending on when customers acquired a server and whether they have upgraded service, their server may be running Plesk 8, 9, or 10 based on a random sampling of sites checked by Ars. Parallels did not respond to inquiries from Ars about the exploit. And some Plesk customers have expressed concern over whether the patches have been effective in shutting down the exploit, especially if they've already been hacked. Especially because of the last point, this is why we recommend that any compromised server have its passwords reset as soon as possible."īut even then, the damage may already have been done, through installation of other back-doors on the system. SQL injection), there is the potential for the attacker to maintain access to the server even after the original entry point was closed if they gained access to any user accounts. Because of the nature of the vulnerability (i.e. Any requests to agent.php after applying the updates should be harmless. "If not, and you see POST requests to agent.php that are not from you (or any components you have that may be integrating with Plesk), prior to applying the updates, this could be cause for concern. "If they were already at the identified update levels, you should be OK," he wrote. "Parallels takes the security of our customers very seriously and urges you to act quickly by applying these patches."īeyond applying the patch, Tyra said that fixing the vulnerability would also require the resetting of all customer's passwords. "Parallels has been informed of a SQL injection security vulnerability in some older versions of Plesk," the message read. That e-mail advised customers to apply updates immediately to versions 8, 9, and 10 of the software if they had not already been patched. But according to some customers, the e-mail alerting them to the critical nature of the vulnerability in unpatched versions of Plesk was not sent until February 10. Parallels product manager Blake Tyra said in a Plesk forum post that patches that fix the agent.php vulnerability have been available since September. In the case of the FTC hacks, it appears that just such an account was used to gain access to Media Temple's servers, pull data from the MySQL databases powering the Drupal and WordPress sites, and then delete the contents of the server and post new content-going well beyond the usual sort of web defacement. On some hosting platforms, it's also possible to create an FTP account that can gain access through a secure shell (SSH) terminal session, as documented by Media Temple's knowledge base. That sort of footprint makes Plesk a prime target for hackers looking to take control of websites. The software is also used by government and educational institutions the Department of Energy's Lawrence Berkeley National Laboratory uses it as part of its web self-service. Rackspace offers Plesk-based control of some hosting accounts, as does Media Temple-the hosting provider whose servers housed the FTC sites and, among others. Plesk is widely used in the hosting industry. And as with other control panel applications for hosted sites, such as CPanel, it can also draw on an "Application Vault" to install common software packages (i.e., Drupal CMS and WordPress blog software) that are preconfigured for the hosting environment. Originally developed by Virginia-based Plesk Inc., and acquired by Parallels (then SWSoft) in 2003, Plesk allows an administrator to create FTP and e-mail accounts, as well as manage other aspects of the associated hosting account. If your site is hosted with a provider that uses Plesk for site administration, it's worth taking a good look at the content on your server, and the accounts configured to access it-and resetting all your accounts' passwords. The vulnerability in the software, which is used for remote administration of hosted servers at a large number of Internet hosting companies, could spell bad news for hosting providers who haven't applied the latest updates, as well as their customers.īecause the vulnerability allows someone to make significant changes to the user accounts, files, and security of a targeted site, hackers who took advantage of the Plesk vulnerability may still have access to sites they have breached even after patches are applied. A critical vulnerability in some versions of Parallels' Plesk Panel control panel software appears to have been key to the recent penetration of two servers hosting websites for the Federal Trade Commission.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |