- JPCERT-AT-2013-0018
- JPCERT/CC
- 2013-04-08
- <<< JPCERT/CC Alert 2013-04-08 >>>
- Alert regarding the use of previous versions of Parallels Plesk Panel
- https://www.jpcert.or.jp/at/2013/at130018.html
- I. Overview
- JPCERT/CC has received a number of reports of Web tampering in which an unauthorized
- Apache module installed on the server inserts unintended JavaScript when a Web site is
- browsed. Visiting a site that has been tampered with may result in the user's PC being
- infected with malware.
- According to the information JPCERT/CC has received, these sites are often running
- previous versions of Parallels Plesk Panel, including versions past their end-of-support
- date. A server running Parallels Plesk Panel also has various accompanying software
- installed (such as MySQL, BIND, and phpMyAdmin). Because users are often barely aware
- that this software is in use, in many cases old versions with inherent vulnerabilities
- are left running.
- It has not been confirmed that every case of Web tampering through an unauthorized
- Apache module was caused by a vulnerability. However, if a server is operated with such
- vulnerabilities present, an attacker may exploit them and cause damage such as Web
- tampering. From the viewpoint of prevention, we recommend updating not only Parallels
- Plesk Panel itself but also the products included in the OS and other software to the
- latest state.
- In some attacks, we have confirmed cases in which account information was stolen using
- SQL injection vulnerabilities that exist in previous versions of Parallels Plesk Panel,
- and cases in which, where the initial password or a simple password had been set, account
- information was identified by a dictionary attack and an unauthorized login was made.
- We have also confirmed that, after logging in, the cron manager feature of Parallels
- Plesk Panel was used to run malicious scripts, resulting in the installation of an
- unauthorized Apache module.
- II. Measures
- If you use Parallels Plesk Panel to manage your Web sites, please consider the
- measures below.
- - Update to the latest version of Parallels Plesk Panel
- - Update the OS and the software included on the server to the latest versions
- - Restrict access to Parallels Plesk Panel
- (e.g., limit it to specific IP addresses)
- - Set a secure password
- - Prohibit the execution of tasks that use root privileges from the settings screen
- of Parallels Plesk Panel (*1)
- (*1) In the following cases, with the default settings, Parallels Plesk Panel is
- allowed to run utilities and scripts as root.
- - Scheduling of tasks in cron manager (versions 8-11)
- - Event handling in the Event Manager tool (version 11)
- To prohibit these operations, create empty files with the following paths and file
- names. Read $PRODUCT_ROOT_D as /usr/local/psa on RPM-based systems and as /opt/psa
- on DEB-based systems.
- $PRODUCT_ROOT_D/var/root.crontab.lock
- $PRODUCT_ROOT_D/var/root.event.handler.lock
- For more information, see "Protecting from Running Tasks on Behalf of root" in the
- following document.
- Enhancing Security
- http://download1.parallels.com/Plesk/PP11/11.0/Doc/en-US/online/plesk-linux-advanced-administration-guide/68755.htm
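The lock-file measure above can be audited or applied with a small shell function. This is an added example, not part of the JPCERT/CC alert or of Parallels' documentation; the function names `find_product_root` and `plesk_root_locks` are hypothetical, and the script assumes it is run by a user who can write to `$PRODUCT_ROOT_D/var`.

```shell
#!/bin/sh
# Added example: audit or create the two lock files named in the alert.
# Call as:  plesk_root_locks audit|apply [PRODUCT_ROOT_D]

# Locate PRODUCT_ROOT_D using the two locations given in the alert
# (/usr/local/psa on RPM-based systems, /opt/psa on DEB-based systems).
find_product_root() {
    for d in /usr/local/psa /opt/psa; do
        if [ -d "$d/var" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Returns 0 when both lock files are present after the call,
# 1 when at least one is missing, 2 on a usage or lookup error.
plesk_root_locks() {
    mode=$1
    root=$2
    case "$mode" in
        audit|apply) ;;
        *) echo "usage: plesk_root_locks audit|apply [dir]" >&2; return 2 ;;
    esac
    if [ -z "$root" ]; then
        root=$(find_product_root) || {
            echo "no Plesk product root found" >&2
            return 2
        }
    fi
    missing=0
    for name in root.crontab.lock root.event.handler.lock; do
        f="$root/var/$name"
        if [ -e "$f" ]; then
            echo "present: $f"
        elif [ "$mode" = apply ]; then
            # The alert asks for an empty file; create it without content.
            if : > "$f"; then echo "created: $f"; else missing=1; fi
        else
            echo "MISSING: $f"
            missing=1
        fi
    done
    return "$missing"
}
```

Running `plesk_root_locks audit` from a scheduled check gives a non-zero status if either lock file has been removed.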
- III. Reference information
- Parallels
- Parallels Plesk Panel 11.0 for Linux Release Notes
- http://download1.parallels.com/Plesk/PP11/11.0/release-notes/ja-JP/parallels-plesk-panel-11.0-for-linux-based-os.html
- Parallels
- Best practices for security of Parallels Plesk Panel
- http://kb.parallels.com/jp/114620
- Parallels
- Enhancing Security
- http://download1.parallels.com/Plesk/PP11/11.0/Doc/en-US/online/plesk-linux-advanced-administration-guide/68755.htm
- Trend Micro
- Damage from tampering by unauthorized Web server (Apache) modules, in Japan and abroad
- http://blog.trendmicro.co.jp/archives/6888
- If you have any information you can provide regarding this matter, please contact us.
- ======================================================================
- JPCERT Coordination Center (JPCERT / CC)
- MAIL: info@jpcert.or.jp
- TEL: 03-3518-4600 FAX: 03-3518-4602
- https://www.jpcert.or.jp/