Plesk security best practices

Refers to:

  • Plesk

Created:

2016-11-16 12:59:11 UTC

Modified:

2017-02-19 18:31:02 UTC

2

Was this article helpful?


Have more questions?

Submit a request

Plesk security best practices

Question

Are there any tips for keeping Plesk secure?

Answer

General rule to secure Plesk is make sure the latest updates are installed. Also you can check more useful topics bellow.

1. Make sure you go through the list provided in the following articles and documentation:

2. Do not forget to check the Securing Plesk section of the Administrator's guide. Topics covered in this section include the following:

  • Restricting Administrative Access
  • Setting Up the Minimum Password Strength
  • Enhanced Security Mode
  • Using Secure FTP
  • SSL protection

3. Linux users may also check the advanced documentation pages related to Plesk for Linux security: Enhancing Security. This documentation covers the following topics:

  • Restricting script execution in the /tmp directory
  • Configuring site isolation settings
  • Protecting users from running tasks on behalf of root

4. If you are dealing with credit cards, this document is worth reading: Meeting PCI DSS Requirements for Plesk 12 Suite

5. It is recommended to be aware of these issues:

  • 115000652909 FTP users have access to root directory on server

  • 115000662365 SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability
  • 213366809 Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
  • 213914045 Remote vulnerability in Plesk (CVE-2012-1557)
  • 213913505 Plesk accepts both old and new admin passwords when integrated to CBM
  • 213383249 Public issues VU#310500, CVE-2013-0132, CVE-2013-0133

6. These articles may also be useful in certain scenarios:

  • 213949585 How can I run Rootkit Hunter with the update option?

  • 213378209 [Security] Defending against a SYN-Flood (DOS) Attack
  • 213943405 [Info] How to ensure that Apache does not allow the SSL 2.0/SSL 3.0 protocol
  • 213943625 [How to] RKHunter warning improvement
  • 213380789 How to prevent your Plesk from brute-force attacks
  • 213913725 How to set up a file audit on Windows server

TIP: Feel free to subscribe to updates to this article in order to keep track of new security issues.

Have more questions? Submit a request
Please sign in to leave a comment.