Attention on the use of a previous version of Plesk Panel

MalwareMustDie Apr 9th, 2013 172 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. JPCERT-AT-2013-0018
  2.                                                              JPCERT / CC
  3.                                                             2013-04-08
  6.                   <<< JPCERT / CC Alert 2013-04-08 >>>
  8.       Attention on the use of a previous version of Parallels Plesk Panel
  13. I. Overview
  15.   In JPCERT / CC, Apache module that was incorrectly installed on the server
  16. Web tampering with JavaScript you more when browsing Web site is not intended to be inserted
  17. I have received a number of reports on. When you visit a site that has been tampered with, the results
  18. There is a possibility that the user's PC is infected with malware as.
  20.   Hay Center - According to the information received by, at these sites, end-of-support date
  21. Previous version of Parallels Plesk Panel that contains the version of the slice is often used
  22. It is the thing with being. to the server where Parallels Plesk Panel is running,
  23. Software (MySQL, BIND, such as phpMyAdmin) various attendant is installed
  24. May have been the user is aware that use of these software
  25. For thin, in many cases you are running an old version of the inherent vulnerability
  26. To.
  28.   All of the cases on the establishment Apache Web falsification of this is the wrong module brittle
  29. Have not been confirmed and is intended to and caused by the vulnerability, like that inherent vulnerabilities
  30. If you are performing the operation in the state, exploiting the vulnerability by an attacker, such as falsification Web
  31. So may be subject to damage from the viewpoint of prevention, Parallels
  32. Also other software as well as body Plesk Panel, and products are included in the OS
  33. I recommend that you include to update to the latest state.
  35.   Some attacks, SQL that exist in the previous version of Parallels Plesk Panel
  36. Account information is stolen or using injection vulnerabilities, the initial configuration
  37. If you have set your password or simple password dictionary attack by the red
  38. Now check the case count information is identified, have been made invalid login
  39. To. Also, after logging in, using the cron manager feature of Parallels Plesk Panel
  40. Te malicious scripts to work, Apache module as a result of incorrect installation
  41. I have also confirmed that it is.
  44. Measures. II
  45.   If you are using Parallels Plesk Panel to manage your Web site more than
  46. Please consider measures below.
  48.   - Update to the latest version of Parallels Plesk Panel
  49.   - OS included in the server, update the latest software
  50.   - To restrict access to the Parallels Plesk Panel
  51.     (Eg, limited to a specific IP address)
  52.   - Set a secure password
  53.   - The task of root privileges from the settings screen of Parallels Plesk Panel that uses
  54.     Prohibits the execution (* 1)
  56. In the following cases, the default setting (* 1), Parallels Plesk Panel is the utility
  57. We are allowed to run as root and script properties.
  58.   - Scheduling of tasks in cron manager (version 8-11)
  59.   - Event handling in the Event Manager tool (version 11)
  60. In order to prohibit the operation of these, an empty file in the following path and file name
  61. Please create. $ PRODUCT_ROOT_D is RPM-based systems
  62. / Please read on systems usr / local / psa, the DEB-based and / opt / psa.
  63.     $ PRODUCT_ROOT_D / var / root.crontab.lock
  64.     $ PRODUCT_ROOT_D / var / root.event.handler.lock
  66.   For more information, see the following "Protecting from Running Tasks on Behalf of root"
  67. Please.
  69.     Enhancing Security
  73. Reference information III.
  75.     Parallels
  76.     Parallels Plesk Panel 11.0 for Linux Release Notes
  79.     Parallels
  80.     Best practices for security of Parallels Plesk Panel
  83.     Parallels
  84.     Enhancing Security
  87.     Trend Micro
  88.     Damage module unauthorized tampering with the Web server (Apache) both at home and abroad
  92.   If you have any information you can provide regarding this, contact us
  93. Please fault.
  95. ================================================== ====================
  96. JPCERT Coordination Center (JPCERT / CC)
  97. MAIL:
  98. TEL :03-3518-4600 FAX: 03-3518-4602
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand